[Webkit-unassigned] [Bug 12535] Stack-optimizing compilers can trick GC into freeing in-use objects

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 2 11:18:26 PST 2007


------- Comment #13 from huanr at yahoo.com  2007-02-02 11:18 PDT -------
(In reply to comment #11)
> Is that really the only function hit by this bug?

StringImp::toObject is the only one I discovered during debugging. Is
passing member variables of JSCell in a function call a common pattern in kjs? I
did a quick search on other toObject() functions under JavaScriptCore/kjs and
did not find this issue.
