30137 – [V8] Protect JS listener object from GC while clearing a property on it.

RESOLVED FIXED 30137

[V8] Protect JS listener object from GC while clearing a property on it.

https://bugs.webkit.org/show_bug.cgi?id=30137

Summary [V8] Protect JS listener object from GC while clearing a property on it.

Vitaly Repeshko

Reported 2009-10-06 13:09:23 PDT

[V8] Protect JS listener object from GC while clearing a property on it.

Attachments
patch (1.41 KB, patch) 2009-10-06 14:26 PDT, Vitaly Repeshko	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Vitaly Repeshko

Comment 1 2009-10-06 14:26:17 PDT

Created attachment 40745 [details] patch

Adam Barth

Comment 2 2009-10-07 09:33:10 PDT

Comment on attachment 40745 [details] patch I don't see how this is possible to test. We'd need to force GC during the clearWrapper call, but I don't think that re-enters JavaScript.... Thoughts?

WebKit Commit Bot

Comment 3 2009-10-07 10:25:13 PDT

Comment on attachment 40745 [details] patch Clearing flags on attachment: 40745 Committed r49252: <http://trac.webkit.org/changeset/49252>

WebKit Commit Bot

Comment 4 2009-10-07 10:25:17 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2009-10-06 13:09 PDT

Modified

2009-10-07 10:25 PDT History

CC List

4 users Show

URL

Keywords

Depends on

Blocks