Context Navigation

← Previous Change
Next Change →

JSGlobalData.cpp

Timestamp:

Aug 3, 2010, 3:55:34 PM (15 years ago)

Author:

Message:

Fixed a crash seen on the GTK 64bit buildbot.

Reviewed by Oliver Hunt.

When JSArray is allocated for the vptr stealing hack, it's not allocated
in the heap, so the JSArray constructor can't safely call Heap::heap().

Since this was subtle enough to confuse smart people, I've changed JSArray
to have an explicit vptr stealing constructor.

JavaScriptCore.xcodeproj/project.pbxproj:
runtime/JSArray.cpp:

(JSC::JSArray::JSArray):

runtime/JSArray.h:

(JSC::JSArray::):

runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::storeVPtrs):

File:

: 1 edited

trunk/JavaScriptCore/runtime/JSGlobalData.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/runtime/JSGlobalData.cpp

r63404	r64602
86	86
87	87	COMPILE_ASSERT(sizeof(JSArray) <= sizeof(CollectorCell), sizeof_JSArray_must_be_less_than_CollectorCell);
88		JSCell* jsArray = new (storage) JSArray(JSArray::~~createStructure(jsNull())~~);
	88	JSCell* jsArray = new (storage) JSArray(JSArray::VPtrStealingHack);
89	89	JSGlobalData::jsArrayVPtr = jsArray->vptr();
90	90	jsArray->~JSCell();

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 64602 in webkit for trunk/JavaScriptCore/runtime/JSGlobalData.cpp

Legend:

trunk/JavaScriptCore/runtime/JSGlobalData.cpp

Download in other formats: