Bug 90639

Summary: JSString::tryHashConstLock() fails to get exclusive lock
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch oliver: review+

Michael Saboff
Reported 2012-07-05 15:21:28 PDT
The code in JSString::tryHashConstLock() can return true when another thread currently has the lock. unsigned currentFlags = m_flags; unsigned newFlags = currentFlags | HashConstLock; if (!WTF::weakCompareAndSwap(&m_flags, currentFlags, newFlags)) return false; WTF::memoryBarrierAfterLock(); return true; It may be the case that m_flags, and therefore currentFlags has the HashConstLock bit set, but there isn't a check for that in the code after setting currentFLags. This can be remedied by adding: if (currentFlags & HashConstLock) return false; after the assignment to currentFlags.
Attachments
Patch (1.26 KB, patch)
2012-07-05 15:30 PDT, Michael Saboff 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2012-07-05 15:30:46 PDT
Created attachment 150994 [details] Patch
Michael Saboff
Comment 2 2012-07-05 17:04:18 PDT
Committed r121928: <http://trac.webkit.org/changeset/121928>
Note You need to log in before you can comment on or make changes to this bug.