Bug 34504

Summary:

Crash in CollectorBitmap::get at nbcolympics.com

Product:

WebKit

Reporter:

Oliver Hunt <oliver>

Component:

New Bugs

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

Other

OS:

OS X 10.5

Attachments:

Description	Flags
Patch	ggaren: review+

Oliver Hunt

Reported 2010-02-02 15:44:44 PST

Crash in CollectorBitmap::get at nbcolympics.com

Attachments
Patch (12.75 KB, patch) 2010-02-02 15:52 PST, Oliver Hunt	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Oliver Hunt

Comment 1 2010-02-02 15:52:46 PST

Created attachment 47980 [details] Patch

Geoffrey Garen

Comment 2 2010-02-02 15:57:05 PST

Comment on attachment 47980 [details] Patch r=me Might be worth adding a comment that explains that m_offset does not include anonymous slots, and the true property offset requires adding the anonymous slot count.

Darin Adler

Comment 3 2010-02-02 15:57:38 PST

Comment on attachment 47980 [details] Patch > + the effected cases by incorporating the anonymous slot count. It effected -> affected > + also removes the duplicate copy of anonymous slot count fro the fro -> from

Oliver Hunt

Comment 4 2010-02-02 17:17:44 PST

Committed r54265: <http://trac.webkit.org/changeset/54265>

Note You need to log in before you can comment on or make changes to this bug.