[Webkit-unassigned] [Bug 16868] Gmail crash
bugzilla-daemon at webkit.org
Tue Jan 15 14:33:34 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16868
------- Comment #17 from cwzwarich at uwaterloo.ca 2008-01-15 14:33 PDT -------
(In reply to comment #16)
> I was just talking to Maciej about this: I don't think we can rely on the
> m_savedExecState chain. Any code that begins a new script evaluation in a
> global context will produce an "orphaned" ExecState that isn't linked to any
> previous ExecStates.
>
> This can happen during synchronous event dispatch, or any other client code
> where the client decides to evaluate a script from inside a JavaScript
> callback.

Can you think of a test case that will crash even with my latest patch?

> Maciej suggested allocating all active ExecStates from a central storage area.
> That way, GC mark could just traverse all the active ExecStates in the central
> storage area, and we wouldn't need to rely on m_savedExecState.

Not a bad idea. It might also allow an increase in the recursion limit.
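
The design trade-off discussed in this comment, as a toy C++ model added here (not WebKit code and not part of the original message): a GC mark that walks the saved-state chain misses roots held by earlier ExecStates once an unlinked one becomes current, while a walk over a central registry reaches all of them. `ActiveExecStates`, `markViaChain`, `markViaRegistry`, `rootedObject` and `runScenario` are hypothetical names; each ExecState is assumed to root a single object id.

```cpp
#include <set>

// Toy model, not WebKit code: each ExecState roots one heap object id.
struct ExecState {
    int rootedObject;
    ExecState* savedExecState; // previous state in the chain, or nullptr
};

// Central registry of every live ExecState (hypothetical name).
class ActiveExecStates {
public:
    void add(ExecState* e) { m_states.insert(e); }
    void remove(ExecState* e) { m_states.erase(e); }
    const std::set<ExecState*>& all() const { return m_states; }
private:
    std::set<ExecState*> m_states;
};

// Mark by walking the saved-state chain from the current ExecState.
std::set<int> markViaChain(const ExecState* current) {
    std::set<int> marked;
    for (const ExecState* e = current; e; e = e->savedExecState)
        marked.insert(e->rootedObject);
    return marked;
}

// Mark by visiting every registered ExecState, linked or not.
std::set<int> markViaRegistry(const ActiveExecStates& registry) {
    std::set<int> marked;
    for (const ExecState* e : registry.all())
        marked.insert(e->rootedObject);
    return marked;
}

struct Scenario { std::set<int> chain, registry; };

// Outer script -> callback -> client starts a new evaluation in a global
// context; that ExecState has no link back to the ones still on the stack.
Scenario runScenario() {
    ActiveExecStates registry;
    ExecState outer{1, nullptr};
    ExecState callback{2, &outer};
    ExecState orphan{3, nullptr}; // not linked to callback
    registry.add(&outer); registry.add(&callback); registry.add(&orphan);
    // GC runs while the orphan is the current ExecState.
    return { markViaChain(&orphan), markViaRegistry(registry) };
}

int main() { return runScenario().registry.size() == 3 ? 0 : 1; }
```

In this model the chain walk marks only object 3, so objects 1 and 2 would be collected while their ExecStates are still active; the registry walk marks all three.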