123270 – Uninitialized member causes crash when DFG JIT is not enabled.

RESOLVED FIXED 123270

Uninitialized member causes crash when DFG JIT is not enabled.

https://bugs.webkit.org/show_bug.cgi?id=123270

Summary Uninitialized member causes crash when DFG JIT is not enabled.

peavo

Reported 2013-10-24 07:14:37 PDT

The data member sizeOfLastScratchBuffer in the VM class is only initialized if DFG JIT is enabled, even though it's defined regardless. This causes an early crash on Windows, which doesn't have DFG JIT enabled.

Attachments
Patch (1.46 KB, patch) 2013-10-24 07:19 PDT, peavo	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

peavo

Comment 1 2013-10-24 07:19:12 PDT

Created attachment 215063 [details] Patch

Brent Fulgham

Comment 2 2013-10-24 09:01:39 PDT

Comment on attachment 215063 [details] Patch r=me

WebKit Commit Bot

Comment 3 2013-10-24 09:05:12 PDT

Comment on attachment 215063 [details] Patch Clearing flags on attachment: 215063 Committed r157930: <http://trac.webkit.org/changeset/157930>

WebKit Commit Bot

Comment 4 2013-10-24 09:05:14 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2013-10-24 07:14 PDT

Modified

2013-10-24 09:05 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks