WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
160666
ASSERTION FAILED: hasInlineStorage() in JSFinalObject::visitChildren().
https://bugs.webkit.org/show_bug.cgi?id=160666
Summary
ASSERTION FAILED: hasInlineStorage() in JSFinalObject::visitChildren().
Mark Lam
Reported
2016-08-08 11:49:31 PDT
This assertion is benign. JSFinalObject::visitChildren() calls JSObject::inlineStorage() to get a pointer to the object's inline storage, and later passes it to visitor.appendValuesHidden() with a previously computed storageSize. When storageSize is 0, appendValuesHidden() ends up doing nothing. However, before we get there, JSObject::inlineStorage() will be asserting hasInlineStorage() and this assertion will fail when storageSize is 0. We can fix this assertion failure by simply adding a storageSize check before calling hasInlineStorage() and visitor.appendValuesHidden().
Attachments
proposed patch.
(3.09 KB, patch)
2016-08-08 11:54 PDT
,
Mark Lam
keith_miller
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Mark Lam
Comment 1
2016-08-08 11:54:00 PDT
Created
attachment 285577
[details]
proposed patch.
Keith Miller
Comment 2
2016-08-08 11:56:06 PDT
Comment on
attachment 285577
[details]
proposed patch. r=me.
Mark Lam
Comment 3
2016-08-08 11:58:58 PDT
Thanks for the review. Landed in
r204261
: <
http://trac.webkit.org/r204261
>.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug