Context Navigation

← Previous Change
Next Change →

JSArray.h

Timestamp:

Aug 3, 2010, 3:55:34 PM (15 years ago)

Author:

Message:

Fixed a crash seen on the GTK 64bit buildbot.

Reviewed by Oliver Hunt.

When JSArray is allocated for the vptr stealing hack, it's not allocated
in the heap, so the JSArray constructor can't safely call Heap::heap().

Since this was subtle enough to confuse smart people, I've changed JSArray
to have an explicit vptr stealing constructor.

JavaScriptCore.xcodeproj/project.pbxproj:
runtime/JSArray.cpp:

(JSC::JSArray::JSArray):

runtime/JSArray.h:

(JSC::JSArray::):

runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::storeVPtrs):

File:

: 1 edited

trunk/JavaScriptCore/runtime/JSArray.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/runtime/JSArray.h

-              r64588
+              r64602
     public:
+        enum VPtrStealingHackType { VPtrStealingHack };
+        JSArray(VPtrStealingHackType);
         explicit JSArray(NonNullPassRefPtr<Structure>);
         JSArray(NonNullPassRefPtr<Structure>, unsigned initialLength, ArrayCreationMode);

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 64602 in webkit for trunk/JavaScriptCore/runtime/JSArray.h

Legend:

trunk/JavaScriptCore/runtime/JSArray.h

Download in other formats: