Bug 34321 - JSC is failing to propagate anonymous slot count on some transitions
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
Importance: P2 Normal
Assignee: Nobody
Duplicates: 34403
Reported: 2010-01-29 02:45 PST by Oliver Hunt
Modified: 2010-06-28 10:34 PDT

Attachments
Patch (12.05 KB, patch)
2010-01-29 02:56 PST, Oliver Hunt
no flags
Patch (19.13 KB, patch)
2010-02-01 00:13 PST, Oliver Hunt
mjs: review+

Description Oliver Hunt 2010-01-29 02:45:24 PST
JSC is failing to propagate anonymous slot count on some transitions
Comment 1 Oliver Hunt 2010-01-29 02:56:30 PST
Created attachment 47694
Patch
Comment 2 Darin Adler 2010-01-29 09:24:45 PST
Comment on attachment 47694
Patch

> +    push(@implContent, "    ASSERT((int)(this->structure()->anonymousSlotCount()) >= (int)AnonymousSlotCount);\n");
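
Review bot: the generated check on this line is an ASSERT, which is compiled out of release builds, so a structure whose anonymousSlotCount() is lower than AnonymousSlotCount would go unnoticed there. If code emitted alongside it relies on the slot count being large enough, the guarantee has to come from every transition propagating the count, with this assertion serving only as a debug-build tripwire; a short comment in the generator saying so would help. Casting both operands to int also hides whatever signed/unsigned mismatch prompted the casts; comparing both values in one unsigned type would keep the comparison exact.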

Why are these casts needed? If they are needed, why use C-style casts instead of C++-style?
Comment 3 Oliver Hunt 2010-01-29 11:47:08 PST
Committed r54073: <http://trac.webkit.org/changeset/54073>
Comment 4 Mark Rowe (bdash) 2010-01-29 21:31:09 PST
I rolled this out in r54100 as it introduced many thousands of leaks.
Comment 5 Oliver Hunt 2010-02-01 00:13:59 PST
Created attachment 47817
Patch
Comment 6 Maciej Stachowiak 2010-02-01 00:35:46 PST
Comment on attachment 47817
Patch

r=me
Comment 7 Oliver Hunt 2010-02-01 01:42:06 PST
*** Bug 34403 has been marked as a duplicate of this bug. ***
Comment 8 Oliver Hunt 2010-02-01 01:43:15 PST
Committed r54129
Comment 9 Vincent Danen 2010-06-28 10:34:38 PDT
This has been given the name CVE-2010-1387