Changeset 88911 in webkit


Timestamp:
Jun 15, 2011 12:08:41 AM (13 years ago)
Author:
ggaren@apple.com
Message:

2011-06-14 Geoffrey Garen <ggaren@apple.com>

Reviewed by Dan Bernstein.

Fixed an invalid ASSERT I found while investigating
<rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
https://bugs.webkit.org/show_bug.cgi?id=62699

No test since we don't know of a way to get WebCore to deallocate the
next-to-finalize handle, which is also the last handle in the list,
while finalizing the second-to-last handle in the list.

  • heap/HandleHeap.h: (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a non-0 next() after updating it, since it is valid to update m_nextToFinalize to point to the tail sentinel.


Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
since it is not valid to update m_nextToFinalize to point past the tail
sentinel.


Also, use m_nextToFinalize consistently for clarity.

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r88892 r88911  
     12011-06-14  Geoffrey Garen  <ggaren@apple.com>
     2
     3        Reviewed by Dan Bernstein.
     4
     5        Fixed an inavlid ASSERT I found while investigating
     6        <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
     7        https://bugs.webkit.org/show_bug.cgi?id=62699       
     8
     9        No test since we don't know of a way to get WebCore to deallocate the
     10        next-to-finalize handle, which is also the last handle in the list,
     11        while finalizing the second-to-last handle in the list.
     12
     13        * heap/HandleHeap.h:
     14        (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
     15        non-0 next() after updating it, since it is valid to update m_nextToFinalize
     16        to point to the tail sentinel.
     17       
     18        Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
     19        since it is not valid to update m_nextToFinalize to point past the tail
     20        sentinel.
     21       
     22        Also, use m_nextToFinalize consistently for clarity.
     23
    1242011-06-14  Gavin Barraclough  <barraclough@apple.com>
    225
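Review bot: "inavlid" on line 5 of the new ChangeLog entry should read "invalid", and the bug URL on line 7 carries trailing whitespace. Both are worth cleaning up, since ChangeLog text is what people search when tracing the history of the finalizeWeakHandles crash.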
  • trunk/Source/JavaScriptCore/heap/HandleHeap.h

    r88473 r88911  
    164164    Node* node = toNode(handle);
    165165    if (node == m_nextToFinalize) {
    166         m_nextToFinalize = node->next();
    167166        ASSERT(m_nextToFinalize->next());
     167        m_nextToFinalize = m_nextToFinalize->next();
    168168    }
    169169
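Review bot: The precondition for advancing m_nextToFinalize is enforced only by ASSERT(m_nextToFinalize->next()) on new line 166, and ASSERT is compiled out of release builds, so release code runs m_nextToFinalize = m_nextToFinalize->next() on line 167 unconditionally. If the invariant were ever violated there, m_nextToFinalize would be set to 0 with no diagnostic. The reasoning that makes this safe (the tail sentinel is the only node whose next() is 0, and m_nextToFinalize may legitimately end up pointing at the tail sentinel but never past it) exists only in the ChangeLog. A short comment above the ASSERT stating that invariant would keep a later reader from restoring the old post-update check. Since the ChangeLog says no test is known for this path, it is also worth stating in the bug whether a debug-only check is considered sufficient here.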