Bug 77273

Summary: GC invoked while doing an old JIT property storage reallocation may lead to an object that refers to a dead structure
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch none

Description Filip Pizlo 2012-01-28 00:35:17 PST 
Patch forthcoming.
Comment 1 Filip Pizlo 2012-01-28 00:53:08 PST 
Created attachment 124433 [details]
the patch
Comment 2 WebKit Review Bot 2012-01-28 02:18:47 PST 
Comment on attachment 124433 [details]
the patch

Clearing flags on attachment: 124433

Committed r106185: <http://trac.webkit.org/changeset/106185>
Comment 3 WebKit Review Bot 2012-01-28 02:18:51 PST 
All reviewed patches have been landed.  Closing bug.