Timestamp:
Mar 25, 2009, 7:34:54 PM (16 years ago)
Author:
[email protected]
Message:

2009-03-25 Geoffrey Garen <[email protected]>

Reviewed by Cameron Zwarich.


Fixed <rdar://problem/6724011> Write to freed memory in JSC::Label::deref
when reloading http://helpme.att.net/speedtest/

  • bytecompiler/BytecodeGenerator.h: Reversed the declaration order for m_labelScopes and m_labels to reverse their destruction order. m_labelScopes has references to memory within m_labels, so its destructor needs to run first.
File:
1 edited

  • trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.h

    r41884 r41998  
    434434        CodeBlock* m_codeBlock;
    435435
     436        // Some of these objects keep pointers to one another. They are arranged
     437        // to ensure a sane destruction order that avoids references to freed memory.
    436438        HashSet<RefPtr<UString::Rep>, IdentifierRepHash> m_functions;
    437439        RegisterID m_ignoredResultRegister;
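Review bot: The comment added at new lines 436-437 says some of these objects keep pointers to one another, but it names neither the members involved nor the rule that makes the order matter. Suggest stating that members are destroyed in reverse declaration order and that m_labelScopes refers to memory inside m_labels, so a later reader knows which declarations must not be swapped.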
     
    442444        SegmentedVector<RegisterID, 32> m_parameters;
    443445        SegmentedVector<RegisterID, 32> m_globals;
     446        SegmentedVector<Label, 32> m_labels;
    444447        SegmentedVector<LabelScope, 8> m_labelScopes;
    445         SegmentedVector<Label, 32> m_labels;
    446448        RefPtr<RegisterID> m_lastConstant;
    447449        int m_finallyDepth;
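Review bot: Nothing at the m_labels / m_labelScopes declarations (new lines 446-447) marks them as an order-dependent pair; the only hint is the general comment several lines above, so a later cleanup could swap them back and reintroduce the write to freed memory in JSC::Label::deref. Suggest a short comment directly on m_labelScopes saying it must be declared after m_labels. The changeset also edits only this header and adds no regression test for the reload case named in the commit message; worth adding one if the crash can be reproduced in a test.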