Bug 34321

Summary: JSC is failing to propagate anonymous slot count on some transitions
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: lantzwr, vdanen
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: OS X 10.5   
Attachments:
Description Flags
Patch
none
Patch mjs: review+

Description Oliver Hunt 2010-01-29 02:45:24 PST
JSC is failing to propagate anonymous slot count on some transitions
Comment 1 Oliver Hunt 2010-01-29 02:56:30 PST
Created attachment 47694 [details]
Patch
Comment 2 Darin Adler 2010-01-29 09:24:45 PST
Comment on attachment 47694 [details]
Patch

> +    push(@implContent, "    ASSERT((int)(this->structure()->anonymousSlotCount()) >= (int)AnonymousSlotCount);\n");

Why are these casts needed? If they are needed, why use C-style casts instead of C++-style?
Comment 3 Oliver Hunt 2010-01-29 11:47:08 PST
Committed r54073: <http://trac.webkit.org/changeset/54073>
Comment 4 Mark Rowe (bdash) 2010-01-29 21:31:09 PST
I rolled this out in r54100 as it introduced many thousands of leaks.
Comment 5 Oliver Hunt 2010-02-01 00:13:59 PST
Created attachment 47817 [details]
Patch
Comment 6 Maciej Stachowiak 2010-02-01 00:35:46 PST
Comment on attachment 47817 [details]
Patch

r=me
Comment 7 Oliver Hunt 2010-02-01 01:42:06 PST
*** Bug 34403 has been marked as a duplicate of this bug. ***
Comment 8 Oliver Hunt 2010-02-01 01:43:15 PST
Committed r54129
Comment 9 Vincent Danen 2010-06-28 10:34:38 PDT
This has been given the name CVE-2010-1387