Bug 469995 - js_DecompileValueGenerator uses cx->fp and should be made safe, r=crowder+jorendorff
author Benjamin Smedberg <benjamin@smedbergs.us>
Wed, 17 Dec 2008 13:15:08 -0500
changeset 23079 2bf87d135d1c0e57959112d126eb849b4fcce52f
parent 23078 7c898d7b2e9eae2b6983954cd0d6f7d2a19327a9
child 23080 12a753e1880be9d946b674f8f81b80734b536459
push id 4346
push user rsayre@mozilla.com
push date Fri, 26 Dec 2008 01:26:36 +0000
treeherder mozilla-central@8eb5a5b83a93
reviewers crowder
bugs 469995
milestone 1.9.2a1pre
js/src/jsopcode.cpp
--- a/js/src/jsopcode.cpp
+++ b/js/src/jsopcode.cpp
@@ -4940,18 +4940,17 @@ js_DecompileValueGenerator(JSContext *cx
     intN pcdepth;
     jsval *sp, *stackBase;
     char *name;
 
     JS_ASSERT(spindex < 0 ||
               spindex == JSDVG_IGNORE_STACK ||
               spindex == JSDVG_SEARCH_STACK);
 
-    for (fp = cx->fp; fp && !fp->script; fp = fp->down)
-        continue;
+    fp = js_GetScriptedCaller(cx, NULL);
     if (!fp || !fp->regs || !fp->regs->sp)
         goto do_fallback;
 
     script = fp->script;
     regs = fp->regs;
     pc = fp->imacpc ? fp->imacpc : regs->pc;
     if (pc < script->main || script->code + script->length <= pc) {
         JS_NOT_REACHED("bug");
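Review bot: the new `fp = js_GetScriptedCaller(cx, NULL);` line carries no comment saying why reading `cx->fp` directly was unsafe here or what the `NULL` second argument selects, so a later reader could reintroduce the open-coded walk that this change removes. A one-line comment above the call, stating which frame the search starts from and that the result must be a frame with a non-null `script` (the property the removed loop guaranteed), would record the invariant that `script = fp->script` and the `pc` bounds check below depend on. The existing `!fp || !fp->regs || !fp->regs->sp` guard still handles a null result, so no extra check is needed at this site.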