[webkit-reviews] review granted: [Bug 12216] Stack overflow crash in JavaScript garbage collector mark pass : [Attachment 17553] [6/6] JavaScriptCore:

bugzilla-daemon at webkit.org
Tue Nov 27 09:36:49 PST 2007


Darin Adler <darin at apple.com> has granted Maciej Stachowiak <mjs at apple.com>'s
request for review:
Bug 12216: Stack overflow crash in JavaScript garbage collector mark pass
http://bugs.webkit.org/show_bug.cgi?id=12216

Attachment 17553: [6/6] JavaScriptCore:
http://bugs.webkit.org/attachment.cgi?id=17553&action=edit

------- Additional Comments from Darin Adler <darin at apple.com>
 50	    bool overflowed();

Should be const.

All the places that use markStack.storage could probably just use markStack --
all that matters is that the size is large enough and aligned appropriately,
you don't have to use the array inside the union.

r=me

