Commit 0478350b authored by barraclough@apple.com

Linux crashes during boot

https://bugs.webkit.org/show_bug.cgi?id=83096

Reviewed by Filip Pizlo.

The bug here is that we add empty JSValues to the sparse map, and then set them
- but a GC may occur before doing so (due to a call to reportExtraMemory cost).
We may want to consider making it safe to mark empty JSValues, but the simple &
contained fix to this specific bug is to just initialize these values to
something other than JSValue().

* runtime/JSArray.cpp:
(JSC::SparseArrayValueMap::add):
    - Initialize sparse map entries.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113112 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 117223e4
2012-04-03 Gavin Barraclough <barraclough@apple.com>
Linux crashes during boot
https://bugs.webkit.org/show_bug.cgi?id=83096
Reviewed by Filip Pizlo.
The bug here is that we add empty JSValues to the sparse map, and then set them
- but a GC may occur before doing so (due to a call to reportExtraMemory cost).
We may want to consider making it safe to mark empty JSValues, but the simple &
contained fix to this specific bug is to just initialize these values to
something other than JSValue().
* runtime/JSArray.cpp:
(JSC::SparseArrayValueMap::add):
- Initialize sparse map entries.
2012-04-02 Oliver Hunt <oliver@apple.com>
 
Incorrect liveness information when inlining
......@@ -198,6 +198,8 @@ void JSArray::finalize(JSCell* cell)
inline SparseArrayValueMap::AddResult SparseArrayValueMap::add(JSArray* array, unsigned i)
{
SparseArrayEntry entry;
entry.setWithoutWriteBarrier(jsUndefined());
AddResult result = m_map.add(i, entry);
size_t capacity = m_map.capacity();
if (capacity != m_reportedCapacity) {
......
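Review bot: The `entry.setWithoutWriteBarrier(jsUndefined());` line in SparseArrayValueMap::add carries no comment explaining why the entry has to be non-empty before `m_map.add(i, entry)`, so a later cleanup could switch back to a default-constructed entry and reintroduce the crash. Suggest a short comment on that line saying that a GC can run before the caller stores the real value (the commit message attributes this to the extra-memory report, which presumably sits in the `capacity != m_reportedCapacity` branch that follows) and that marking an empty JSValue is not safe. The ChangeLog entry also lists no regression test; if one is not practical for a GC-timing bug like this, it would help to say so there.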