Context Navigation

← Previous Changeset
Next Changeset →

Changeset 151747 in webkit

Timestamp:

Jun 19, 2013, 12:45:01 PM (12 years ago)

Author:

oliver@apple.com

Message:

Incorrect use of jsCast in a finalizer
https://bugs.webkit.org/show_bug.cgi?id=117807

Reviewed by Geoffrey Garen.

We can't use jsCast in a finalizer as it checks an object's structure,
and the structure may already have been swept by that point. Use a
static_cast instead.

bridge/runtime_array.cpp:

(JSC::RuntimeArray::destroy):

Location:

trunk/Source/WebCore

Files:

: 2 edited

ChangeLog (modified) (1 diff)
bridge/runtime_array.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebCore/ChangeLog

-              r151745
+              r151747
+-06-19  Oliver Hunt  <oliver@apple.com>
+        Incorrect use of jsCast in a finalizer
+        https://bugs.webkit.org/show_bug.cgi?id=117807
+        Reviewed by Geoffrey Garen.
+        We can't use jsCast in a finalizer as it checks an object's structure,
+        and the structure may already have been swept by that point.  Use a
+        static_cast instead.
+        * bridge/runtime_array.cpp:
+        (JSC::RuntimeArray::destroy):
 -06-19  Brent Fulgham  <bfulgham@apple.com>

trunk/Source/WebCore/bridge/runtime_array.cpp

r148696	r151747
58	58	void RuntimeArray::destroy(JSCell* cell)
59	59	{
60		~~jsC~~ast<RuntimeArray*>(cell)->RuntimeArray::~RuntimeArray();
	60	static_cast<RuntimeArray*>(cell)->RuntimeArray::~RuntimeArray();
61	61	}
62	62

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 151747 in webkit

Legend:

trunk/Source/WebCore/ChangeLog

trunk/Source/WebCore/bridge/runtime_array.cpp

Download in other formats: