Commit e33f70db authored by sgjesse@chromium.org

Fix an issue of a raw pointer being returned after possible allocation.

Review URL: http://codereview.chromium.org/14833

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 358591f9
...@@ -355,14 +355,19 @@ Object* CallIC::LoadFunction(State state, ...@@ -355,14 +355,19 @@ Object* CallIC::LoadFunction(State state,
// If performing debug step into then flood this function with one-shot // If performing debug step into then flood this function with one-shot
// break points if it is called from where step into was requested. // break points if it is called from where step into was requested.
if (Debug::StepInActive() && fp() == Debug::step_in_fp()) { if (Debug::StepInActive() && fp() == Debug::step_in_fp()) {
// Protect the result in a handle as the debugger can allocate and might
// cause GC.
HandleScope scope;
Handle<Object> result_handle(result);
// Don't allow step into functions in the native context. // Don't allow step into functions in the native context.
if (JSFunction::cast(result)->context()->global() != if (JSFunction::cast(result)->context()->global() !=
Top::context()->builtins()) { Top::context()->builtins()) {
HandleScope scope;
Handle<SharedFunctionInfo> shared(JSFunction::cast(result)->shared()); Handle<SharedFunctionInfo> shared(JSFunction::cast(result)->shared());
Debug::FloodWithOneShot(shared); Debug::FloodWithOneShot(shared);
} }
return *result_handle;
} }
return result; return result;
} }
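Review bot: Once `Debug::FloodWithOneShot(shared)` has run, the raw `result` pointer may point at a moved object, and the block relies on the inner `return *result_handle;` being the only exit to keep it from being used again; a comment making that explicit would protect the next editor, e.g. `// result may have moved during FloodWithOneShot; only result_handle is valid from here on.` The two `JSFunction::cast(result)` uses before the flood are fine because nothing allocates between creating `result_handle` and them, but the hunk does not show where `result` is established to be a JSFunction — if that is only guaranteed by the earlier part of `CallIC::LoadFunction`, an `ASSERT(result->IsJSFunction());` at the top of the step-in block would document the precondition cheaply. The `*result_handle` in the return is evaluated before `scope` is destroyed, so the handle-scope usage as written is correct. The enclosing `CallIC::LoadFunction` begins before this hunk.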