Fix crash in JIT::DFG::prepareOSREntry

While verifying predictions in prepareOSREntry, locals could lay outside the stack in some cases. So we shouldn't retrieve jsValue from locals when we don't have to. Task-number: QTBUG-45299 Change-Id: I70003170348887128e11360fb501b69647194172 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
author: Julien Brianceau <jbriance@cisco.com> 2015-04-01 11:36:02 +0200
committer: Julien Brianceau <jbriance@cisco.com> 2015-04-01 11:54:08 +0000
commit: 80471d52c85ab8edd1332e084b8bf46f44571c3b (patch)
tree: 59673eb3544ccb5cf7177546061384df659c6782
parent: d5fd75b1dc0b2d81036bce50b0acce738031690e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/Source/JavaScriptCore/dfg/DFGOSREntry.cpp b/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
index 5739593ee..9b75e70ab 100644
--- a/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
@@ -118,7 +118,7 @@ void* prepareOSREntry(ExecState* exec, CodeBlock* codeBlock, unsigned bytecodeIn
             }
             continue;
         }
-        if (!entry->m_expectedValues.local(local).validate(exec->registers()[local].jsValue())) {
+        if (!entry->m_expectedValues.local(local).isTop() && !entry->m_expectedValues.local(local).validate(exec->registers()[local].jsValue())) {
 #if ENABLE(JIT_VERBOSE_OSR)
             dataLog("    OSR failed because variable ", local, " is ", exec->registers()[local].jsValue(), ", expected ", entry->m_expectedValues.local(local), ".\n");
 #endif
author	Julien Brianceau <jbriance@cisco.com>	2015-04-01 11:36:02 +0200
committer	Julien Brianceau <jbriance@cisco.com>	2015-04-01 11:54:08 +0000
commit	80471d52c85ab8edd1332e084b8bf46f44571c3b (patch)
tree	59673eb3544ccb5cf7177546061384df659c6782
parent	d5fd75b1dc0b2d81036bce50b0acce738031690e (diff)