Make %DebugPushPromise more robust wrt fuzzing.

If %DebugPushPromise and throwing is called outside its intended context, we may encounter assertion failures. R=hpayer@chromium.org BUG=401915 LOG=N Review URL: https://codereview.chromium.org/453933002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23023 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-08-11 07:59:10 +00:00 · 2014-08-11 07:59:10 +00:00 · 413b20b6c1
commit 413b20b6c1
parent e1deee4181
2 changed files with 21 additions and 3 deletions
--- a/src/debug.cc
+++ b/src/debug.cc
@ -1316,11 +1316,9 @@ Handle<Object> Debug::GetPromiseOnStackOnThrow() {
      return thread_local_.promise_on_stack_->promise();
    }
    handler = handler->next();
-    // There must be a try-catch handler if a promise is on stack.
-    DCHECK_NE(NULL, handler);
    // Throwing inside a Promise can be intercepted by an inner try-catch, so
    // we stop at the first try-catch handler.
-  } while (!handler->is_catch());
+  } while (handler != NULL && !handler->is_catch());
  return undefined;
 }

--- a/test/mjsunit/regress/regress-crbug-401915.js
+++ b/test/mjsunit/regress/regress-crbug-401915.js
@ -0,0 +1,20 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --expose-debug-as debug
+
+Debug = debug.Debug;
+Debug.setListener(function() {});
+Debug.setBreakOnException();
+
+try {
+  try {
+    %DebugPushPromise(new Promise(function() {}));
+  } catch (e) {
+  }
+  throw new Error();
+} catch (e) {
+}
+
+Debug.setListener(null);