Bug 50423

Summary: Crashes in Photo Booth at com.apple.JavaScriptCore: JSC::Heap::markRoots + 746
Product: WebKit
Reporter: Geoffrey Garen <ggaren>
Component: JavaScriptCore
Assignee: Geoffrey Garen <ggaren>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, sam, webkit-ews
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Attachments:
  patch (flags: barraclough: review+)

Description Geoffrey Garen 2010-12-02 16:55:03 PST
Patch coming.
Comment 1 Geoffrey Garen 2010-12-02 16:55:28 PST
Created attachment 75435 [details]
patch
Comment 2 Gavin Barraclough 2010-12-02 17:04:43 PST
Comment on attachment 75435 [details]
patch

I think you should also call synchronize in ~APICallbackShim.

Thread A could be running JS code, call out to a callback, release a lock (in client code), then thread B could run, schedule a GC, exit the VM, release its lock, then the callback in thread A could return from the callback & be running inside JSC with a GC scheduled on thread B.

r+ with the fix.
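The interleaving described in comment 2, as an added C++ model that is not JSC's code and not the patch under review: `VM`, `CallbackShim`, `synchronize()` and `gcScheduled` are assumed names standing in for JSC's VM lock, `APICallbackShim` and its GC-scheduling state. Thread A leaves the VM through the shim to run client code, "thread B" takes the lock and schedules a collection in the meantime, and the shim's destructor decides whether A re-enters VM code with that collection still pending or services it first.

```cpp
#include <iostream>
#include <mutex>

// Hypothetical model (added example, not JSC's own code): a VM guarded by a
// lock, a flag another thread sets to request a collection, and an RAII shim
// that drops the lock around a client callback and re-takes it on return.
struct VM {
    std::mutex lock;          // held by the thread currently running inside the VM
    bool gcScheduled = false; // set (under lock) by a thread that wants a collection
    int collections = 0;      // collections actually performed

    // Service any collection requested while this thread was outside the VM.
    // Must be called with the lock held, before running any more VM code.
    void synchronize() {
        if (gcScheduled) {
            gcScheduled = false;
            ++collections;
        }
    }
};

// Constructing the shim leaves the VM (unlock); destroying it re-enters
// (lock) and, if syncOnReturn is set, synchronizes before VM code resumes.
class CallbackShim {
public:
    CallbackShim(VM& vm, bool syncOnReturn) : m_vm(vm), m_sync(syncOnReturn) {
        m_vm.lock.unlock();
    }
    ~CallbackShim() {
        m_vm.lock.lock();
        if (m_sync)
            m_vm.synchronize();
    }
private:
    VM& m_vm;
    bool m_sync;
};

// What "thread B" does while thread A is out in client code: enter the VM,
// schedule a GC, exit the VM and release the lock.
void otherThreadSchedulesGC(VM& vm) {
    std::lock_guard<std::mutex> guard(vm.lock);
    vm.gcScheduled = true;
}

// Thread A: run inside the VM, call out through the shim, come back.
// Returns true if A resumes VM work with a collection still pending, which is
// the hazard the review comment describes.
bool resumesWithPendingGC(bool syncOnReturn) {
    VM vm;
    vm.lock.lock();                 // A is inside the VM
    {
        CallbackShim shim(vm, syncOnReturn);
        otherThreadSchedulesGC(vm); // constructed interleaving: B runs during the callback
    }                               // shim destructor: A re-enters the VM
    bool pending = vm.gcScheduled;  // A is back in VM code at this point
    vm.lock.unlock();
    return pending;
}

int main() {
    std::cout << "shim without synchronize: pending GC on return = "
              << std::boolalpha << resumesWithPendingGC(false) << '\n';
    std::cout << "shim with synchronize:    pending GC on return = "
              << std::boolalpha << resumesWithPendingGC(true) << '\n';
    return 0;
}
```

The interleaving is driven sequentially from inside the callback rather than with real threads so the run is deterministic; the point is only that whatever happens while the lock is released must be re-checked at the single place where the lock is re-taken, which is why the destructor is the right spot for the call.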
Comment 3 Geoffrey Garen 2010-12-02 17:16:35 PST
Committed revision 73223.
Comment 4 Geoffrey Garen 2010-12-02 17:28:39 PST
<rdar://problem/8310571>
Comment 5 Early Warning System Bot 2010-12-02 17:46:26 PST
Attachment 75435 [details] did not build on qt:
Build output: http://queues.webkit.org/results/6844014