Changeset 54785 in webkit for trunk/JavaScriptCore/API/JSContextRef.cpp

Timestamp:

Feb 15, 2010, 12:32:15 PM (15 years ago)

Author:

[email protected]

Message:

Fixed <rdar://problem/7628524> Crash beneath JSGlobalContextRelease when
typing in Google search field with GuardMalloc/full page heap enabled

Reviewed by Oliver Hunt.

• API/JSContextRef.cpp: Don't use APIEntryShim, since that requires

a JSGlobalData, which this function destroys. Do use setCurrentIdentifierTable
and JSLock instead, since those are the two features of APIEntryShim we
require.

File:

• trunk/JavaScriptCore/API/JSContextRef.cpp (modified) (2 diffs)

trunk/JavaScriptCore/API/JSContextRef.cpp

@@ -121 +121 @@
 {
     ExecState* exec = toJS(ctx);
-    APIEntryShim entryShim(exec, false);
+    JSLock lock(exec);
+
+    JSGlobalData& globalData = exec->globalData();
+    IdentifierTable* savedIdentifierTable = setCurrentIdentifierTable(globalData.identifierTable);
 
     gcUnprotect(exec->dynamicGlobalObject());
 
-    JSGlobalData& globalData = exec->globalData();
     if (globalData.refCount() == 2) { // One reference is held by JSGlobalObject, another added by JSGlobalContextRetain().
         // The last reference was released, this is our last chance to collect.
@@ -133 +135 @@
 
     globalData.deref();
+
+    setCurrentIdentifierTable(savedIdentifierTable);
 }