Bug 86034 - GC race condition in OpaqueJSClass::prototype
Summary: GC race condition in OpaqueJSClass::prototype
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Gavin Barraclough
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-09 16:20 PDT by Gavin Barraclough
Modified: 2012-05-09 17:03 PDT (History)
3 users (show)

See Also:

Attachments
Fix (2.47 KB, patch)
2012-05-09 16:31 PDT, Gavin Barraclough 		fpizlo: review+
buildbot: commit-queue-
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gavin Barraclough 2012-05-09 16:20:06 PDT 
The bug here is basically:
    if (weakref) weakref->method()
where a GC may occur between the if & the method call.
Comment 1 Gavin Barraclough 2012-05-09 16:31:08 PDT 
Created attachment 141048 [details]
Fix
Comment 2 Build Bot 2012-05-09 16:38:04 PDT 
Comment on attachment 141048 [details]
Fix

Attachment 141048 [details] did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/12644873
Comment 3 Build Bot 2012-05-09 16:39:53 PDT 
Comment on attachment 141048 [details]
Fix

Attachment 141048 [details] did not pass win-ews (win):
Output: http://queues.webkit.org/results/12644874
Comment 4 Gavin Barraclough 2012-05-09 17:01:23 PDT 
Fixed in r116575
Comment 5 Gavin Barraclough 2012-05-09 17:03:57 PDT 
Ooops, landed b0rked version of patch,
build fix in r116578.