• Caitlin Potter's avatar
    [builtins] abort FrameFunctionIterator::next if frame summary empty · 18dc491c
    Caitlin Potter authored
    Previously, FrameFunctionIterator::next() assumed that the frame summary
    was non-empty. It's now possible for the list not to be empty, if the
    JS microtask pump invokes a builtin function which uses
    FrameFunctionIterator directly. While this is unlikely to show up in
    real world code, it is necessary to handle it to prevent crashes.
    
    BUG=chromium:794744
    R=mstarzinger@chromium.org, cbruni@chromium.org, verwaest@chromium.org
    
    Change-Id: Ie95c2228544f57730d1c6c1ff955b2c94ff1c06b
    Reviewed-on: https://chromium-review.googlesource.com/833266Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
    Commit-Queue: Caitlin Potter <caitp@igalia.com>
    Cr-Commit-Position: refs/heads/master@{#50221}
    18dc491c
regress-794744.js 468 Bytes