90639 – JSString::tryHashConstLock() fails to get exclusive lock

RESOLVED FIXED 90639

JSString::tryHashConstLock() fails to get exclusive lock

https://bugs.webkit.org/show_bug.cgi?id=90639

Summary JSString::tryHashConstLock() fails to get exclusive lock

Michael Saboff

Reported 2012-07-05 15:21:28 PDT

The code in JSString::tryHashConstLock() can return true when another thread currently has the lock. unsigned currentFlags = m_flags; unsigned newFlags = currentFlags | HashConstLock; if (!WTF::weakCompareAndSwap(&m_flags, currentFlags, newFlags)) return false; WTF::memoryBarrierAfterLock(); return true; It may be the case that m_flags, and therefore currentFlags has the HashConstLock bit set, but there isn't a check for that in the code after setting currentFLags. This can be remedied by adding: if (currentFlags & HashConstLock) return false; after the assignment to currentFlags.

Attachments
Patch (1.26 KB, patch) 2012-07-05 15:30 PDT, Michael Saboff	oliver: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2012-07-05 15:30:46 PDT

Created attachment 150994 [details] Patch

Michael Saboff

Comment 2 2012-07-05 17:04:18 PDT

Committed r121928: <http://trac.webkit.org/changeset/121928>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Michael Saboff

Reported

2012-07-05 15:21 PDT

Modified

2012-07-05 17:04 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks