[Webkit-unassigned] [Bug 30033] New: [chromium] DateExtension has reliability bot crashes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Oct 2 16:23:56 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30033
Summary: [chromium] DateExtension has reliability bot crashes
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jam at chromium.org
See http://code.google.com/p/chromium/issues/detail?id=23043
Mads helped me track this down, looks like the weak persistent handle approach
is problematic since the JS function has no one else grabbing a reference to
it, so it can be destroyed during GC when the other JS enableSleepDetection
function pointers are being called. This leads to problem since during
iteration the vector can change.
A simpler solution is to add the function pointer as a hidden value on the Date
constructor. This patch achieves that.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list