Bug 153546

Summary: Air::TmpWidth uses a stale pointer into its HashMap after it calls add()
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, benjamin, ggaren, keith_miller, mark.lam, mhahnenb, msaboff, oliver, saam, sam
Priority: P2
Version: WebKit Nightly Build
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 150279
Attachments:
Description Flags
the patch saam: review+

Description Filip Pizlo 2016-01-27 09:07:30 PST
Patch forthcoming.
Comment 1 Filip Pizlo 2016-01-27 09:10:39 PST
Created attachment 270001
the patch
Comment 2 Saam Barati 2016-01-27 11:01:13 PST
Comment on attachment 270001
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270001&action=review

r=me

> Source/JavaScriptCore/b3/air/AirTmpWidth.cpp:142
> +            // We already ensures that both tmps are added to the width map. That's important

I don't think this comment is needed given the above.
If you think we need it, "ensures" => "ensure"
Comment 3 Filip Pizlo 2016-01-27 12:11:21 PST
Landed in http://trac.webkit.org/changeset/195683