[Webkit-unassigned] [Bug 23085] [jsfunfuzz] gc crash
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Jan 3 02:20:27 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=23085
oliver at apple.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mjs at apple.com,
| |ggaren at apple.com
------- Comment #6 from oliver at apple.com 2009-01-03 02:20 PDT -------
The problem is that a scope node is being deleted prematurely, i believe the
scope node being removed in the most recent reduction is the activation for the
first function.
I honestly can't work out how/why the ref counting scheme we use for
scopechainnodes works, but i blame it for the badness.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list