WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
60672
Protect JSC from WebCore executing JS during JS wrapper finalization
https://bugs.webkit.org/show_bug.cgi?id=60672
Summary
Protect JSC from WebCore executing JS during JS wrapper finalization
Oliver Hunt
Reported
2011-05-11 15:52:44 PDT
Protect JSC from WebCore executing JS during JS wrapper finalization
Attachments
Patch
(6.93 KB, patch)
2011-05-11 18:06 PDT
,
Oliver Hunt
darin
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Oliver Hunt
Comment 1
2011-05-11 18:06:29 PDT
Created
attachment 93228
[details]
Patch
Darin Adler
Comment 2
2011-05-11 18:12:36 PDT
Comment on
attachment 93228
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=93228&action=review
It’s clean to forbid this at the JavaScriptCore level, but we’d also like to change WebCore so it doesn’t have the kind of dangerous destructors that could lead to this kind of reentrancy.
> Source/JavaScriptCore/heap/Heap.h:83 > - bool isBusy(); // true if an allocation or collection is in progress > + // true if an allocation or collection is in progress > + bool isBusy() > + { > + return m_operationInProgress != NoOperation; > + }
You could have put this inline at the end of the file. I often prefer that because I like the class definition to be as clean as possible.
Oliver Hunt
Comment 3
2011-05-11 18:31:31 PDT
Committed
r86300
: <
http://trac.webkit.org/changeset/86300
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug