Bug 34504

Summary:

Crash in CollectorBitmap::get at nbcolympics.com

Product:

WebKit

Reporter:

Oliver Hunt <oliver>

Component:

New Bugs

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

Other

OS:

OS X 10.5

Attachments:

Description	Flags
Patch	ggaren: review+

Description Oliver Hunt 2010-02-02 15:44:44 PST

Crash in CollectorBitmap::get at nbcolympics.com

Comment 1 Oliver Hunt 2010-02-02 15:52:46 PST

Created attachment 47980 [details]
Patch

Comment 2 Geoffrey Garen 2010-02-02 15:57:05 PST

Comment on attachment 47980 [details]
Patch

r=me

Might be worth adding a comment that explains that m_offset does not include anonymous slots, and the true property offset requires adding the anonymous slot count.

Comment 3 Darin Adler 2010-02-02 15:57:38 PST

Comment on attachment 47980 [details]
Patch

> +        the effected cases by incorporating the anonymous slot count. It

effected -> affected

> +        also removes the duplicate copy of anonymous slot count fro the

fro -> from

Comment 4 Oliver Hunt 2010-02-02 17:17:44 PST

Committed r54265: <http://trac.webkit.org/changeset/54265>