Incorrect upvar access on trace involving top-level scripts (507292, r=dmandelin, a=dveditz).
authorAndreas Gal <gal@mozilla.com>
Thu, 30 Jul 2009 19:18:18 -0700
changeset 26239 0d6e6ae6ba52a1038aeb7d295613bd3fb1069b22
parent 26238 ff0a7e85cc6e26a94794bba1b1fa8ebc60abf4ea
child 26240 4c10a82ac37b6e6adae461b5aeeeebc7275c2497
push id1883
push usermrbkap@mozilla.com
push dateThu, 13 Aug 2009 05:10:10 +0000
reviewersdmandelin, dveditz
bugs507292
milestone1.9.1.3pre
Incorrect upvar access on trace involving top-level scripts (507292, r=dmandelin, a=dveditz).
js/src/jstracer.cpp
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -8752,17 +8752,17 @@ TraceRecorder::interpretedFunctionCall(j
     fi->spdist = fp->regs->sp - fp->slots;
     fi->set_argc(argc, constructing);
     fi->spoffset = 2 /*callee,this*/ + fp->argc;
 
     unsigned callDepth = getCallDepth();
     if (callDepth >= treeInfo->maxCallDepth)
         treeInfo->maxCallDepth = callDepth + 1;
     if (callDepth == 0)
-        fi->spoffset = 2 /*callee,this*/ + argc - fi->spdist;
+        fi->spoffset = -fp->script->nfixed;
 
     lir->insStorei(INS_CONSTPTR(fi), lirbuf->rp, callDepth * sizeof(FrameInfo*));
 
     atoms = fun->u.i.script->atomMap.vector;
     return JSRS_CONTINUE;
 }
 
 JS_REQUIRES_STACK JSRecordingStatus