
Commit cf0d66b

committed
[MERGE chakra-core#3208 @sigatrev] Fix crash inlining apply with no args
Merge pull request chakra-core#3208 from sigatrev:inline_apply
1 parent d62765e commit cf0d66b

3 files changed

Lines changed: 31 additions & 1 deletion


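--- a/lib/Backend/Inline.cpp
+++ b/lib/Backend/Inline.cpp
@@ -2662,7 +2662,7 @@ bool Inline::InlineApplyScriptTarget(IR::Instr *callInstr, const FunctionJITTime
 const auto inlineCacheIndex = applyTargetLdOpnd->AsPropertySymOpnd()->m_inlineCacheIndex;
 const auto inlineeData = inlinerData->GetLdFldInlinee(inlineCacheIndex);
 
-if ((!isArrayOpndArgumentsObject && (argsCount == 2)) || SkipCallApplyScriptTargetInlining_Shared(callInstr, inlinerData, inlineeData, /*isApplyTarget*/ true, /*isCallTarget*/ false))
+if ((!isArrayOpndArgumentsObject && (argsCount != 1)) || SkipCallApplyScriptTargetInlining_Shared(callInstr, inlinerData, inlineeData, /*isApplyTarget*/ true, /*isCallTarget*/ false))
 {
 *pInlineeData = inlineeData;
 return false;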
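Review bot: The new guard `argsCount != 1` on the `if` at new line 2665 depends on a counting convention that the hunk never states, so a reader cannot tell which call shape is still allowed into the inlining path. The commit title ties this check to a crash in the JIT inliner, so the invariant deserves a comment above the `if`, for example `// Without an arguments object, only the single-argument form of apply is inlined here; any other count, including none, takes the non-inlined path.` That wording assumes argsCount excludes the target function itself, which should be confirmed against the caller that computes it. The body of InlineApplyScriptTarget starts and ends outside the hunk.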

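--- a/test/inlining/bug9936017.js
+++ b/test/inlining/bug9936017.js
@@ -0,0 +1,25 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+var obj =
+{
+foo : function() {},
+}
+
+function test()
+{
+obj.foo.apply();
+}
+
+function test1()
+{
+test();
+}
+
+test1();
+test1();
+test1();
+
+WScript.Echo("PASSED");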
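Review bot: The regression test exercises only `obj.foo.apply()` with no arguments, while the guard in Inline.cpp moved from `argsCount == 2` to `argsCount != 1` and so changes the outcome for every count other than 1 and 2. A second function with a longer call, for example `obj.foo.apply(obj, [], 0);`, driven through the same three-call warm-up, would pin the other newly rejected shape. Whether that call maps to a count above 2 is inferred from the condition and should be checked. The script also prints "PASSED" unconditionally, so only a crash can fail it; a counter incremented inside `foo` and compared before the echo would also catch a silently skipped call.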

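--- a/test/inlining/rlexe.xml
+++ b/test/inlining/rlexe.xml
@@ -274,4 +274,9 @@
 <compile-flags>-loopinterpretcount:1 -bgjit- -force:inline</compile-flags>
 </default>
 </test>
+<test>
+<default>
+<files>bug9936017.js</files>
+</default>
+</test>
 </regress-exe>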
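Review bot: The new `<test>` entry for bug9936017.js has no `<compile-flags>` element, unlike the entry directly above it, which passes `-loopinterpretcount:1 -bgjit- -force:inline`. The script calls `test1()` only three times, so under default settings it is not evident from this page that the inliner processes the `apply()` call before the script finishes. If it does not, the test can pass without reaching the fixed path. Unless the harness's default variants already force foreground JIT and inlining, consider adding `<compile-flags>-bgjit- -force:inline</compile-flags>` inside the new `<default>` block.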
