[Webkit-unassigned] [Bug 30033] New: [chromium] DateExtension has reliability bot crashes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 2 16:23:56 PDT 2009


           Summary: [chromium] DateExtension has reliability bot crashes
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jam at chromium.org

See http://code.google.com/p/chromium/issues/detail?id=23043

Mads helped me track this down, looks like the weak persistent handle approach
is problematic since the JS function has no one else grabbing a reference to
it, so it can be destroyed during GC when the other JS enableSleepDetection
function pointers are being called.  This leads to problem since during
iteration the vector can change.

A simpler solution is to add the function pointer as a hidden value on the Date
constructor.  This patch achieves that.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list