Bug 454561 TM: Crash when JavaScript-Debugger is enabled [ @ jsd_lock ]
js_SynthesizeFrame needs to fill in all fields of JSInlineFrame.
r=brendan
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -2395,24 +2395,47 @@ js_SynthesizeFrame(JSContext* cx, const
JSStackFrame **disp = &cx->display[script->staticDepth];
newifp->frame.displaySave = *disp;
*disp = &newifp->frame;
}
#ifdef DEBUG
newifp->frame.pcDisabledSave = 0;
#endif
+ /*
+ * Note that cx->fp->script is still the caller's script; set the callee
+ * inline frame's idea of caller version from its version.
+ */
+ newifp->callerVersion = (JSVersion) cx->fp->script->version;
+
cx->fp->regs = &newifp->callerRegs;
cx->fp = &newifp->frame;
if (fun->flags & JSFUN_HEAVYWEIGHT) {
+ /*
+ * Set hookData to null because the failure case for js_GetCallObject
+ * involves it calling the debugger hook.
+ */
+ newifp->hookData = NULL;
if (!js_GetCallObject(cx, &newifp->frame, newifp->frame.scopeChain))
return -1;
}
+ /*
+ * If there's a call hook, invoke it to compute the hookData used by
+ * debuggers that cooperate with the interpreter.
+ */
+ JSInterpreterHook hook = cx->debugHooks->callHook;
+ if (hook) {
+ newifp->hookData = hook(cx, &newifp->frame, JS_TRUE, 0,
+ cx->debugHooks->callHookData);
+ } else {
+ newifp->hookData = NULL;
+ }
+
// FIXME? we must count stack slots from caller's operand stack up to (but not including)
// callee's, including missing arguments. Could we shift everything down to the caller's
// fp->slots (where vars start) and avoid some of the complexity?
return (fi.s.spdist - cx->fp->down->script->nfixed) +
((fun->nargs > cx->fp->argc) ? fun->nargs - cx->fp->argc : 0) +
script->nfixed;
}
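Review bot: hookData is now initialized in two separate places — unconditionally to NULL inside the JSFUN_HEAVYWEIGHT branch before js_GetCallObject, and again in the if/else after it — which leaves the field unset on the non-heavyweight path between the `cx->fp = &newifp->frame` assignment and the hook check, and makes any future early exit added in that window return a frame with an indeterminate hookData. A single unconditional `newifp->hookData = NULL;` placed just before `if (fun->flags & JSFUN_HEAVYWEIGHT) {` (keeping the comment about js_GetCallObject's failure path invoking the debugger hook) covers both the `return -1` path and the no-hook case, so the later block reduces to `if (hook) { newifp->hookData = hook(cx, &newifp->frame, JS_TRUE, 0, cx->debugHooks->callHookData); }` with no `else`. It may also be worth a one-line comment on the `return -1` that cx->fp already points at the partially synthesized frame at that point, since the caller is presumably expected to unwind it — confirm against the call site. js_SynthesizeFrame begins before this hunk; only its tail is visible here.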