212601 – [JSC] JSBigInt::rightTrim can miss |this| pointer and leads to incorrect GC collection

Bug 212601 - [JSC] JSBigInt::rightTrim can miss |this| pointer and leads to incorrect GC collection

Summary: [JSC] JSBigInt::rightTrim can miss |this| pointer and leads to incorrect GC c...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Yusuke Suzuki

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-06-01 10:49 PDT by Yusuke Suzuki
Modified:	2020-06-01 13:27 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (2.80 KB, patch) 2020-06-01 10:51 PDT, Yusuke Suzuki	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yusuke Suzuki 2020-06-01 10:49:55 PDT

[JSC] JSBigInt::rightTrim can miss |this| pointer and leads to incorrect GC collection

Comment 1 Yusuke Suzuki 2020-06-01 10:51:22 PDT

Created attachment 400740 [details]
Patch

Comment 2 Yusuke Suzuki 2020-06-01 10:51:50 PDT

<rdar://problem/63830021>

Comment 3 EWS 2020-06-01 13:27:16 PDT

Committed r262392: <https://trac.webkit.org/changeset/262392>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 400740 [details].