77273 – GC invoked while doing an old JIT property storage reallocation may lead to an object that refers to a dead structure

RESOLVED FIXED 77273

GC invoked while doing an old JIT property storage reallocation may lead to an object that refers to a dead structure

https://bugs.webkit.org/show_bug.cgi?id=77273

Summary GC invoked while doing an old JIT property storage reallocation may lead to a...

Filip Pizlo

Reported 2012-01-28 00:35:17 PST

Patch forthcoming.

Attachments
the patch (4.27 KB, patch) 2012-01-28 00:53 PST, Filip Pizlo	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2012-01-28 00:53:08 PST

WebKit Review Bot

Comment 2 2012-01-28 02:18:47 PST

Comment on attachment 124433 [details] the patch Clearing flags on attachment: 124433 Committed r106185: <http://trac.webkit.org/changeset/106185>

WebKit Review Bot

Comment 3 2012-01-28 02:18:51 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2012-01-28 00:35 PST

Modified

2012-01-28 02:18 PST History

CC List

1 user Show

URL

Keywords

Depends on

Blocks