[INFER] Fix use of uninitialized VMFrame field, bug 640608.
authorBrian Hackett <bhackett1024@gmail.com>
Thu, 10 Mar 2011 08:40:10 -0800
changeset 74749 719e89901c2919b25cf1afe0e3f9d1096656ffa1
parent 74748 e348689923e520ce8b2ac2a49e618326dcf13caa
child 74750 5844e16fdb1d917ed868d1d3385eba935516a853
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs640608
milestone2.0b13pre
[INFER] Fix use of uninitialized VMFrame field, bug 640608.
js/src/jit-test/tests/jaeger/recompile/bug640608.js
js/src/methodjit/MethodJIT.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/recompile/bug640608.js
@@ -0,0 +1,10 @@
+try {
+{
+    function x() {}
+}
+o = (0).__proto__;
+function f(o) {
+    o._("", function() {})
+}
+f(o)
+} catch (e) {}
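Review bot: The test carries no comment saying what it exercises or what "pass" means; the outer try/catch swallows the TypeError from calling `o._` on a Number prototype, so the only observable pass condition is that the shell does not crash, and a reader cannot tell that from the file. A one-line header would make the intent durable, e.g. `// Bug 640608: recompilation with an uninitialized VMFrame field; the TypeError is expected, the test passes if it does not crash.` Which JIT path the nested function declarations and the inner closure are needed to reach is inferred from the commit title rather than visible here, so keep the comment to what the bug number and commit message state.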
--- a/js/src/methodjit/MethodJIT.h
+++ b/js/src/methodjit/MethodJIT.h
@@ -195,16 +195,17 @@ class JaegerCompartment {
     }
 
     VMFrame *activeFrame() {
         return activeFrame_;
     }
 
     void pushActiveFrame(VMFrame *f) {
         f->previous = activeFrame_;
+        f->scratch = NULL;
         activeFrame_ = f;
     }
 
     void popActiveFrame() {
         JS_ASSERT(activeFrame_);
         activeFrame_ = activeFrame_->previous;
     }