Fixed function frame alignment on 32bits platforms.

diff --git a/njs/njs_function.c b/njs/njs_function.c
index 52486e8b6ec2de5ee03d22e1850d7d71464883c1..6606614f6be8c82f39b82e95924046d14f944442 100644 (file)
--- a/njs/njs_function.c
+++ b/njs/njs_function.c
@@ -237,6 +237,14 @@ njs_function_frame_alloc(njs_vm_t *vm, size_t size)
     size_t              spare_size, chunk_size;
     njs_native_frame_t  *frame;
 
+    /*
+     * The size value must be aligned to njs_value_t because vm->top_frame
+     * may point to frame->free and vm->top_frame is used as a base pointer
+     * in njs_vm_continuation() which is expected to return pointers aligned
+     * to njs_value_t.
+     */
+    size = nxt_align_size(size, sizeof(njs_value_t));
+
     spare_size = vm->top_frame->free_size;
 
     if (nxt_fast_path(size <= spare_size)) {

diff --git a/njs/test/njs_unit_test.c b/njs/test/njs_unit_test.c
index fb555b862f316bed3bf926b9db6444d2a213ea82..ed6528dfdccc3825745d6bbc58208d20ed6a00fa 100644 (file)
--- a/njs/test/njs_unit_test.c
+++ b/njs/test/njs_unit_test.c
@@ -2975,6 +2975,9 @@ static njs_unit_test_t  njs_test[] =
                  "a.forEach(function(v, i, a) { a[i+3] = a.length }); a"),
       nxt_string("1,2,3,3,4,5") },
 
+    { nxt_string("function f() { var c; [1].forEach(function(v) { c })}; f()"),
+      nxt_string("undefined") },
+
     { nxt_string("var a = [1,2,3]; var s = { sum: 0 };"
                  "[].forEach.call(a, function(v, i, a) { this.sum += v }, s);"
                  "s.sum"),