Check for non-existent context before unwrapping debug evaluate context

szuend · Commit Bot · commit 8f869a375c91 · 2020-01-15T08:32:42.000Z
This CL attempts to fix a chrome crash seen in the wild. Without a reproducer, the current working theory is that we hit a 'null' context in some edge case, causing us to access an empty handle. This CL prevents the empty context handle to be dereferenced. TBR=yangguo@chromium.org Bug: chromium:1038747 Change-Id: Icd6f4853a22ddbf1e504f0f0f90c065b3437f8ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000752 Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65776}
diff --git a/src/debug/debug-scopes.cc b/src/debug/debug-scopes.cc
@@ -300,7 +300,7 @@ void ScopeIterator::TryParseAndRetrieveScopes(ReparseStrategy strategy) {
 }
 
 void ScopeIterator::UnwrapEvaluationContext() {
-  if (!context_->IsDebugEvaluateContext()) return;
+  if (context_->is_null() || !context_->IsDebugEvaluateContext()) return;
   Context current = *context_;
   do {
     Object wrapped = current.get(Context::WRAPPED_CONTEXT_INDEX);

Original file line number	Diff line number	Diff line change
`@@ -300,7 +300,7 @@ void ScopeIterator::TryParseAndRetrieveScopes(ReparseStrategy strategy) {`
`300`	`300`	`}`
`301`	`301`
`302`	`302`	`void ScopeIterator::UnwrapEvaluationContext() {`
`303`		`- if (!context_->IsDebugEvaluateContext()) return;`
	`303`	`+ if (context_->is_null() \|\| !context_->IsDebugEvaluateContext()) return;`
`304`	`304`	`Context current = *context_;`
`305`	`305`	`do {`
`306`	`306`	`Object wrapped = current.get(Context::WRAPPED_CONTEXT_INDEX);`