[Webkit-unassigned] [Bug 12535] Stack-optimizing compilers can trick GC into freeing in-use objects
bugzilla-daemon at webkit.org
Fri Feb 2 11:18:26 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12535
------- Comment #13 from huanr at yahoo.com 2007-02-02 11:18 PDT -------
(In reply to comment #11)
> Is that really the only function hit by this bug?
>
StringImp::toObject is the only one I discovered during debugging. Is
passing member variables of JSCell in a function call a common pattern in kjs? I
did a quick search on other toObject() functions under JavaScriptCore/kjs and
did not find this issue.