Bug 50423 - Crashes in Photo Booth at com.apple.JavaScriptCore: JSC::Heap::markRoots + 746
Summary: Crashes in Photo Booth at com.apple.JavaScriptCore: JSC::Heap::markRoots + 746
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Geoffrey Garen
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-12-02 16:55 PST by Geoffrey Garen
Modified: 2010-12-02 17:46 PST (History)
CC: 3 users

See Also:


Attachments
patch (5.81 KB, patch)
2010-12-02 16:55 PST, Geoffrey Garen
barraclough: review+

Description Geoffrey Garen 2010-12-02 16:55:03 PST
Patch coming.
Comment 1 Geoffrey Garen 2010-12-02 16:55:28 PST
Created attachment 75435 [details]
patch
Comment 2 Gavin Barraclough 2010-12-02 17:04:43 PST
Comment on attachment 75435 [details]
patch

I think you should also call synchronize in ~APICallbackShim.

Thread A could be running JS code, call out to a callback, release a lock (in client code), then thread B could run, schedule a GC, exit the VM, release its lock, then the callback in thread A could return from the callback & be running inside JSC with a GC scheduled on thread B.

r+ with the fix.
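The interleaving Gavin describes in comment 2, replayed step by step as an added illustration. This is not WebKit code and not the r73223 patch: the names "synchronize" and "APICallbackShim" are taken from the comment, but the toy semantics used here (a per-VM lock owner, a pending-GC flag, and a synchronize() that drains it) are assumed for the demonstration. The replay runs on one OS thread so the outcome is deterministic; the point it shows is that a scope guard which only retakes the lock when the callback returns leaves thread A back inside the VM with another thread's GC still pending, while a guard that also calls synchronize() on exit does not.

```cpp
// Toy replay of the race in comment 2. Added example, not JSC's own code.
// Assumed model: one lock per VM, a flag set by a thread that schedules a GC,
// and synchronize() as the point where a pending GC is run.
#include <cstdio>
#include <stdexcept>
#include <string>
#include <utility>

struct ToyVM {
    std::string lockOwner;     // thread holding the VM lock ("" when free)
    bool gcScheduled = false;  // another thread has asked for a collection
    int collections = 0;       // collections actually run

    void acquire(const std::string& who) {
        if (!lockOwner.empty()) throw std::logic_error("lock already held by " + lockOwner);
        lockOwner = who;
    }
    void release(const std::string& who) {
        if (lockOwner != who) throw std::logic_error("release by non-owner " + who);
        lockOwner.clear();
    }
    // Run any collection another thread scheduled before touching the heap again.
    void synchronize() {
        if (gcScheduled) { gcScheduled = false; ++collections; }
    }
};

// RAII guard around a call into client code: the VM lock is dropped for the
// duration of the callback and retaken when the callback returns. The review
// asks for synchronize() in the destructor; syncOnExit toggles that here.
struct ToyCallbackShim {
    ToyVM& vm;
    std::string thread;
    bool syncOnExit;
    ToyCallbackShim(ToyVM& v, std::string t, bool s)
        : vm(v), thread(std::move(t)), syncOnExit(s) { vm.release(thread); }
    ~ToyCallbackShim() {
        vm.acquire(thread);
        if (syncOnExit) vm.synchronize();
    }
};

struct Outcome {
    bool gcStillPending; // thread A is back inside the VM with a GC still scheduled
    int collections;     // how many collections ran during the replay
};

// Replays: A runs JS -> A calls out (lock released) -> B takes the lock,
// schedules a GC, exits the VM -> A's callback returns and A re-enters the VM.
Outcome replayRace(bool synchronizeOnReturn) {
    ToyVM vm;
    vm.acquire("A");                                        // thread A is running JS code
    {
        ToyCallbackShim shim(vm, "A", synchronizeOnReturn);  // A calls out to a callback
        vm.acquire("B");                                    // thread B runs
        vm.gcScheduled = true;                              // B schedules a GC
        vm.release("B");                                    // B exits the VM, releases its lock
    }                                                       // callback returns; shim retakes A's lock
    Outcome out{vm.gcScheduled, vm.collections};            // is A inside JSC with a GC pending?
    vm.release("A");
    return out;
}

int main() {
    Outcome without = replayRace(false);
    Outcome with = replayRace(true);
    std::printf("no synchronize in ~shim: gc pending on return=%d, collections=%d\n",
                without.gcStillPending, without.collections);
    std::printf("synchronize in ~shim:    gc pending on return=%d, collections=%d\n",
                with.gcStillPending, with.collections);
    return 0;
}
```

Without the call in the destructor the replay ends with gcStillPending set and no collection run; with it, the pending collection is drained at the moment the lock is retaken, before any code on thread A touches the heap again.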
Comment 3 Geoffrey Garen 2010-12-02 17:16:35 PST
Committed revision 73223.
Comment 4 Geoffrey Garen 2010-12-02 17:28:39 PST
<rdar://problem/8310571>
Comment 5 Early Warning System Bot 2010-12-02 17:46:26 PST
Attachment 75435 [details] did not build on qt:
Build output: http://queues.webkit.org/results/6844014