| Summary: | JSC is failing to propagate anonymous slot count on some transitions |
|---|---|
| Product: | WebKit |
| Reporter: | Oliver Hunt <oliver> |
| Component: | New Bugs |
| Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED |
| Severity: | Normal |
| CC: | lantzwr, vdanen |
| Priority: | P2 |
| Version: | 528+ (Nightly build) |
| Hardware: | Other |
| OS: | OS X 10.5 |
Description
Oliver Hunt
2010-01-29 02:45:24 PST
Created attachment 47694 [details]
Patch
Comment on attachment 47694 [details]
Patch

> + push(@implContent, " ASSERT((int)(this->structure()->anonymousSlotCount()) >= (int)AnonymousSlotCount);\n");

Why are these casts needed? If they are needed, why use C-style casts instead of C++-style?

Committed r54073: <http://trac.webkit.org/changeset/54073>

I rolled this out in r54100 as it introduced many thousands of leaks.

Created attachment 47817 [details]
Patch
Comment on attachment 47817 [details]
Patch
r=me
*** Bug 34403 has been marked as a duplicate of this bug. ***

This has been given the name CVE-2010-1387