From 9cce4ff2852d465d8319d47bba92405ce3990f2f Mon Sep 17 00:00:00 2001
From: verwaest <verwaest@chromium.org>
Date: Mon, 2 Feb 2015 22:22:23 -0800
Subject: [PATCH] Clear pending exception on stack overflow in the parser

BUG=450960
LOG=n

Review URL: https://codereview.chromium.org/858213003

Cr-Commit-Position: refs/heads/master@{#26390}
---
 src/runtime/runtime-internal.cc              | 10 ++++++++--
 test/mjsunit/regress/regress-crbug-450960.js | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 test/mjsunit/regress/regress-crbug-450960.js

diff --git a/src/runtime/runtime-internal.cc b/src/runtime/runtime-internal.cc
index 370b190107..bd61c46e36 100644
--- a/src/runtime/runtime-internal.cc
+++ b/src/runtime/runtime-internal.cc
@@ -166,14 +166,20 @@ RUNTIME_FUNCTION(Runtime_RenderCallSite) {
   Zone zone;
   if (location.function()->shared()->is_function()) {
     CompilationInfo info(location.function(), &zone);
-    if (!Parser::Parse(&info)) return isolate->heap()->empty_string();
+    if (!Parser::Parse(&info)) {
+      isolate->clear_pending_exception();
+      return isolate->heap()->empty_string();
+    }
     CallPrinter printer(isolate, &zone);
     const char* string = printer.Print(info.function(), location.start_pos());
     return *isolate->factory()->NewStringFromAsciiChecked(string);
   }
 
   CompilationInfo info(location.script(), &zone);
-  if (!Parser::Parse(&info)) return isolate->heap()->empty_string();
+  if (!Parser::Parse(&info)) {
+    isolate->clear_pending_exception();
+    return isolate->heap()->empty_string();
+  }
   CallPrinter printer(isolate, &zone);
   const char* string = printer.Print(info.function(), location.start_pos());
   return *isolate->factory()->NewStringFromAsciiChecked(string);
diff --git a/test/mjsunit/regress/regress-crbug-450960.js b/test/mjsunit/regress/regress-crbug-450960.js
new file mode 100644
index 0000000000..f745522dbe
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-450960.js
@@ -0,0 +1,20 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --stack-size=70
+
+"a".replace(/a/g, "");
+
+function test() {
+   try {
+     test();
+   } catch(e) {
+     "b".replace(/(b)/g, new []);
+   }
+}
+
+try {
+  test();
+} catch (e) {
+}