Bug 30137

Summary: [V8] Protect JS listener object from GC while clearing a property on it.
Product: WebKit Reporter: Vitaly Repeshko <vitalyr>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, commit-queue, dglazkov, eric
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
patch none

Vitaly Repeshko
Reported 2009-10-06 13:09:23 PDT
[V8] Protect JS listener object from GC while clearing a property on it.
Attachments
patch (1.41 KB, patch)
2009-10-06 14:26 PDT, Vitaly Repeshko 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Vitaly Repeshko
Comment 1 2009-10-06 14:26:17 PDT
Created attachment 40745 [details] patch
Adam Barth
Comment 2 2009-10-07 09:33:10 PDT
Comment on attachment 40745 [details] patch I don't see how this is possible to test. We'd need to force GC during the clearWrapper call, but I don't think that re-enters JavaScript.... Thoughts?
WebKit Commit Bot
Comment 3 2009-10-07 10:25:13 PDT
Comment on attachment 40745 [details] patch Clearing flags on attachment: 40745 Committed r49252: <http://trac.webkit.org/changeset/49252>
WebKit Commit Bot
Comment 4 2009-10-07 10:25:17 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.