Closed
Bug 722955
Opened 12 years ago
Closed 12 years ago
IonMonkey: Bailouts can corrupt rectifier frames
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: dvander, Assigned: dvander)
References
Details
Attachments
(1 file)
8.83 KB,
patch
|
cdleary
:
review+
|
Details | Diff | Splinter Review |
Rectifier frames use their frame descriptor to determine how much stack space to free. However, EnsureExitFrame changes the descriptor size (necessary for stack walking), causing rectifier frames to crash on return. bug 717297 would fix this for real, in the meantime, this patch adds a new frame type that the stack walker knows how to correct for.
Assignee | ||
Comment 1•12 years ago
|
||
With OSI + this we can run Kraken again.
Attachment #593286 -
Flags: review?(christopher.leary)
Updated•12 years ago
|
Attachment #593286 -
Flags: review?(christopher.leary) → review+
Assignee | ||
Comment 2•12 years ago
|
||
http://hg.mozilla.org/projects/ionmonkey/rev/54aff9c15bcd
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•