src/runtime.cc - Issue 604064: Fix stack corruption when calling non-function.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/runtime.cc

Issue 604064: Fix stack corruption when calling non-function. (Closed)

Patch Set: Created 10 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/runtime.cc

diff --git a/src/runtime.cc b/src/runtime.cc

index 26a763000aaffdb85101ee15c0e097eda3c2c3ba..ea29f3d30343df48410f2282050189187ff3aaa5 100644

--- a/src/runtime.cc

+++ b/src/runtime.cc

@@ -4768,41 +4768,6 @@ static Object* Runtime_Math_tan(Arguments args) {

}

-// The NewArguments function is only used when constructing the

-// arguments array when calling non-functions from JavaScript in

-// runtime.js:CALL_NON_FUNCTION.

-static Object* Runtime_NewArguments(Arguments args) {

- NoHandleAllocation ha;

- ASSERT(args.length() == 1);

- // ECMA-262, 3rd., 10.1.8, p.39

- CONVERT_CHECKED(JSFunction, callee, args[0]);

- // Compute the frame holding the arguments.

- JavaScriptFrameIterator it;

- it.AdvanceToArgumentsFrame();

- JavaScriptFrame* frame = it.frame();

- const int length = frame->GetProvidedParametersCount();

- Object* result = Heap::AllocateArgumentsObject(callee, length);

- if (result->IsFailure()) return result;

- if (length > 0) {

- Object* obj = Heap::AllocateFixedArray(length);

- if (obj->IsFailure()) return obj;

- FixedArray* array = FixedArray::cast(obj);

- ASSERT(array->length() == length);

- AssertNoAllocation no_gc;

- WriteBarrierMode mode = array->GetWriteBarrierMode(no_gc);

- for (int i = 0; i < length; i++) {

- array->set(i, frame->GetParameter(i), mode);

- }

- JSObject::cast(result)->set_elements(array);

- }

- return result;

static Object* Runtime_NewArgumentsFast(Arguments args) {

NoHandleAllocation ha;

ASSERT(args.length() == 3);

@@ -4955,28 +4920,6 @@ static Object* Runtime_LazyCompile(Arguments args) {

}

-static Object* Runtime_GetCalledFunction(Arguments args) {

- HandleScope scope;

- ASSERT(args.length() == 0);

- StackFrameIterator it;

- // Get past the JS-to-C exit frame.

- ASSERT(it.frame()->is_exit());

- it.Advance();

- // Get past the CALL_NON_FUNCTION activation frame.

- ASSERT(it.frame()->is_java_script());

- it.Advance();

- // Argument adaptor frames do not copy the function; we have to skip

- // past them to get to the real calling frame.

- if (it.frame()->is_arguments_adaptor()) it.Advance();

- // Get the function from the top of the expression stack of the

- // calling frame.

- StandardFrame* frame = StandardFrame::cast(it.frame());

- int index = frame->ComputeExpressionsCount() - 1;

- Object* result = frame->GetExpression(index);

- return result;

static Object* Runtime_GetFunctionDelegate(Arguments args) {

HandleScope scope;

ASSERT(args.length() == 1);

« no previous file with comments | « src/runtime.h ('k') | src/runtime.js » ('j') | no next file with comments »