Bug 135471

Summary: CodeBlock fails to visit the Executables of its InlineCallFrames
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Mark Hahnenberg <mhahnenberg>
Assignee: Mark Hahnenberg <mhahnenberg>
CC: clopez, fpizlo, ggaren, ossy
Attachments: Patch (flags: none)

Mark Hahnenberg
Reported 2014-07-31 13:56:07 PDT
This leads to crashes after these Executables are prematurely deleted and then accessed later.
Attachments
Patch (3.45 KB, patch)
2014-07-31 13:59 PDT, Mark Hahnenberg
no flags
Mark Hahnenberg
Comment 1 2014-07-31 13:59:19 PDT
Geoffrey Garen
Comment 2 2014-07-31 16:36:53 PDT
Comment on attachment 235840 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=235840&action=review > Source/JavaScriptCore/bytecode/CodeOrigin.h:153 > return jsCast<JSFunction*>(calleeRecovery.constant()); > return 0; > } > + > + void visitAggregate(SlotVisitor& visitor) > + { > + visitor.append(&executable); > + } This poor second-class class can probably be a first-class class in its own header. That way, we provide upward mobility inside our code base.
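Review bot: visitAggregate() in Source/JavaScriptCore/bytecode/CodeOrigin.h appends only executable, while the context lines just above it return a JSFunction from calleeRecovery.constant(); add a comment saying what keeps that constant callee alive, or append it here as well, so a reader can tell which of the frame's GC references are covered. The quoted hunk shows only the new method, so the review should also confirm that CodeBlock's visiting path calls it for every InlineCallFrame it owns, since an unvisited frame leaves the Executable open to the premature deletion and later access described in the report.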
Geoffrey Garen
Comment 3 2014-08-01 13:17:48 PDT
Comment on attachment 235840
Patch

Clearing flags on attachment: 235840

Committed r171946: <http://trac.webkit.org/changeset/171946>
Geoffrey Garen
Comment 4 2014-08-01 13:17:50 PDT
All reviewed patches have been landed. Closing bug.
Csaba Osztrogonác
Comment 5 2014-08-01 14:01:09 PDT
(In reply to comment #3)
> (From update of attachment 235840)
> Clearing flags on attachment: 235840
>
> Committed r171946: <http://trac.webkit.org/changeset/171946>

It broke the non Apple builds as the EWS noticed it. Thanks. :-/ Buildfix landed in http://trac.webkit.org/changeset/171949.