Bug 676486 - Only compare args in StackIter when the StackFrame hasArgs (r=waldo)
authorLuke Wagner <luke@mozilla.com>
Fri, 05 Aug 2011 08:22:51 -0700
changeset 73930 672300c1bf65aede27bb2bc18479bcb4363ca7b2
parent 73929 bae3e43a51730b52db124a810f117e1e24f7fb9f
child 73931 5e542afdd814fab0341b1991a8334e32021dd7d2
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
reviewerswaldo
bugs676486
milestone8.0a1
Bug 676486 - Only compare args in StackIter when the StackFrame hasArgs (r=waldo)
js/src/jit-test/tests/basic/testBug676486.js
js/src/vm/Stack.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/testBug676486.js
@@ -0,0 +1,10 @@
+var proxy = Proxy.createFunction(
+    {},
+    function() {
+        return (function () { eval("foo") })();
+    });
+
+try {
+    new proxy();
+} catch (e) {
+}
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@@ -969,17 +969,18 @@ StackIter::settleOnNewState()
         if (containsFrame && (!containsCall || (Value *)fp_ >= calls_->argv())) {
             /* Nobody wants to see dummy frames. */
             if (fp_->isDummyFrame()) {
                 popFrame();
                 continue;
             }
 
             /* Censor pushed-but-not-active frames from InvokeSessionGuard. */
-            if (containsCall && !calls_->active() && calls_->argv() == fp_->actualArgs()) {
+            if (containsCall && !calls_->active() && fp_->hasArgs() &&
+                calls_->argv() == fp_->actualArgs()) {
                 popFrame();
                 continue;
             }
 
             /*
              * As an optimization, there is no CallArgsList element pushed for
              * natives called directly by a script (compiled or interpreted).
              * We catch these by inspecting the bytecode and stack. This check
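Review bot: The new `fp_->hasArgs() &&` guard on the censoring check has no comment saying why it is needed, and the existing comment above it ("Censor pushed-but-not-active frames from InvokeSessionGuard") still reads as if the argv comparison is always valid. The hunk does not show what `actualArgs()` does for a frame without args, but the commit title and the eval-based regression test suggest that calling it on such a frame (presumably eval or global frames) is the bug being avoided, so that precondition is worth recording at the check itself, e.g. `/* Only frames with args have an actualArgs() to compare against argv(); frames without them (e.g. eval frames) cannot be the censored call. */`. Note also that `hasArgs()` is short-circuited before `actualArgs()`, so the order of the `&&` operands is load-bearing and should not be "tidied" later. StackIter::settleOnNewState() both starts before and continues past this hunk.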