Bug 86034

Summary: GC race condition in OpaqueJSClass::prototype
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Gavin Barraclough <barraclough>
Assignee: Gavin Barraclough <barraclough>
CC: gustavo, philn, xan.lopez
Attachments:
Description: Fix
Flags: fpizlo: review+, buildbot: commit-queue-

Description Gavin Barraclough 2012-05-09 16:20:06 PDT
The bug here is basically:
    if (weakref) weakref->method()
where a GC may occur between the if & the method call.
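
The check-then-use window described above, modelled as an added example that is not part of the original report and is not the WebKit patch. It assumes `std::weak_ptr` as a stand-in for the engine's weak handle; `Cell`, `Heap`, `gcPoint` and both function names are hypothetical.

```cpp
#include <functional>
#include <memory>

// Constructed stand-ins, not WebKit types: Cell is a GC-managed object and
// Heap holds the only strong reference, so collect() models a GC cycle.
struct Cell { int method() const { return 42; } };

struct Heap {
    std::shared_ptr<Cell> root = std::make_shared<Cell>();
    void collect() { root.reset(); } // frees the cell unless something else pins it
};

enum class Outcome { Used, Skipped, StaleAfterCheck };

// The shape from the report: liveness is tested, then the weak reference is
// used in a separate step. `gcPoint` marks where a collection may run.
Outcome checkThenUse(const std::weak_ptr<Cell>& weakref, const std::function<void()>& gcPoint)
{
    if (weakref.expired())
        return Outcome::Skipped;
    gcPoint();
    // The original pattern would call weakref->method() here unconditionally.
    // This model re-tests instead so the stale state is observable, not a crash.
    std::shared_ptr<Cell> cell = weakref.lock();
    if (!cell)
        return Outcome::StaleAfterCheck;
    cell->method();
    return Outcome::Used;
}

// Hardened shape: one operation both tests liveness and takes a strong
// reference, which keeps the cell alive across any later collection.
Outcome pinThenUse(const std::weak_ptr<Cell>& weakref, const std::function<void()>& gcPoint)
{
    std::shared_ptr<Cell> pinned = weakref.lock();
    if (!pinned)
        return Outcome::Skipped;
    gcPoint();
    pinned->method();
    return Outcome::Used;
}

int main() {
    Heap a, b;
    std::weak_ptr<Cell> wa = a.root, wb = b.root;
    return checkThenUse(wa, [&] { a.collect(); }) == Outcome::StaleAfterCheck
        && pinThenUse(wb, [&] { b.collect(); }) == Outcome::Used ? 0 : 1;
}
```
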
Comment 1 Gavin Barraclough 2012-05-09 16:31:08 PDT
Created attachment 141048
Fix
Comment 2 Build Bot 2012-05-09 16:38:04 PDT
Comment on attachment 141048
Fix

Attachment 141048 did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/12644873
Comment 3 Build Bot 2012-05-09 16:39:53 PDT
Comment on attachment 141048
Fix

Attachment 141048 did not pass win-ews (win):
Output: http://queues.webkit.org/results/12644874
Comment 4 Gavin Barraclough 2012-05-09 17:01:23 PDT
Fixed in r116575
Comment 5 Gavin Barraclough 2012-05-09 17:03:57 PDT
Ooops, landed b0rked version of patch,
build fix in r116578.