Bug 77273 - GC invoked while doing an old JIT property storage reallocation may lead to an object that refers to a dead structure
Summary: GC invoked while doing an old JIT property storage reallocation may lead to a...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-28 00:35 PST by Filip Pizlo
Modified: 2012-01-28 02:18 PST (History)
1 user (show)

See Also:

Attachments
the patch (4.27 KB, patch)
2012-01-28 00:53 PST, Filip Pizlo 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Pizlo 2012-01-28 00:35:17 PST 
Patch forthcoming.
Comment 1 Filip Pizlo 2012-01-28 00:53:08 PST 
Created attachment 124433 [details]
the patch
Comment 2 WebKit Review Bot 2012-01-28 02:18:47 PST 
Comment on attachment 124433 [details]
the patch

Clearing flags on attachment: 124433

Committed r106185: <http://trac.webkit.org/changeset/106185>
Comment 3 WebKit Review Bot 2012-01-28 02:18:51 PST 
All reviewed patches have been landed.  Closing bug.