[Webkit-unassigned] [Bug 22393] Segfault when caching property accesses to primitive cells.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Nov 20 21:39:08 PST 2008
https://bugs.webkit.org/show_bug.cgi?id=22393
------- Comment #3 from barraclough at apple.com 2008-11-20 21:39 PDT -------
The bug can be circumvented by adding an isObject(baseValue) check in
tryCTICacheGetByID. I have not tested whether the problem also exists in the
non-JIT code path.
When this is fixed, cti_op_get_by_id_proto_list should also be updated (this
currently is preventing polymorphic caching of prototype accesses, since
allowing this caused a test failure in an existing Layout test).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list