Bug 18060

Summary:

Assertion failure (JSLock not held) beneath JSCallbackObject<Base>::toString

Product:

WebKit

Reporter:

Adam Roben (:aroben) <aroben>

Component:

JavaScriptCore

Assignee:

Adam Roben (:aroben) <aroben>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ggaren

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
path without changelog or test	none
Patch + ChangeLog + test	ggaren: review+

Adam Roben (:aroben)

Reported 2008-03-25 00:00:35 PDT

If you have a JSObjectRef that has a JSConvertToTypeCallback in its class, JSCallbackObject<Base>::toString will call JSValue::getString with a JSLock::DropAllLocks in scope, causing an assertion failure. I've got a fix for this, but need to add a testcase to testapi.c.

Attachments
path without changelog or test (971 bytes, patch) 2008-03-25 00:00 PDT, Adam Roben (:aroben)	no flags	Details Formatted Diff Diff
Patch + ChangeLog + test (4.17 KB, patch) 2008-03-25 18:49 PDT, Adam Roben (:aroben)	ggaren: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Adam Roben (:aroben)

Comment 1 2008-03-25 00:00:59 PDT

Created attachment 20023 [details] path without changelog or test Not for review yet

Adam Roben (:aroben)

Comment 2 2008-03-25 18:49:50 PDT

Created attachment 20073 [details] Patch + ChangeLog + test

Geoffrey Garen

Comment 3 2008-03-25 21:42:10 PDT

Comment on attachment 20073 [details] Patch + ChangeLog + test r=me

Adam Roben (:aroben)

Comment 4 2008-03-26 20:37:01 PDT

Committed in r31350.

Note You need to log in before you can comment on or make changes to this bug.