SynthesizeSlowNativeFrame does:

    fp->argc = state.nativeVpLen - 2

However, nativeVpLen is given:

    2 + (number of arguments) + fun->u.n.extra

It seems like it should be set to

    fp->argc = state.nativeVpLen - 2 - fun->u.n.extra

I put JS_ASSERT(fun->u.n.extra == 0) in callNative and ran trace, ref, and xpcshell tests without hitting it. This suggests that we just bail for natives with u.n.extra > 0. This also simplifies bug 540706.
Created attachment 427442: fix
Assignee: general → lw
Status: NEW → ASSIGNED
Attachment #427442 - Flags: review?(dvander)
Attachment #427442 - Flags: review?(dvander) → review+
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED