[Webkit-unassigned] [Bug 49976] [Qt] Fix crashes in debug mode
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Dec 6 07:58:52 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=49976
--- Comment #12 from Oliver Hunt <oliver at apple.com> 2010-12-06 07:58:51 PST ---
(In reply to comment #11)
> (In reply to comment #9)
> > > Structures aren't GC allocated, i assume you mean the global object reference?
>
> (In reply to comment #9)
> > > Structures aren't GC allocated, i assume you mean the global object reference?
> >
> > Yeah, I was not precise:
> >
> > static PassRefPtr<Structure> createStructure(JSValue proto).
> > {
> > return Structure::create(proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount);.
> > }
> >
> > The "proto" object is freed.
>
> Ah hell, no. So you were right:
>
> JSObjectWithGlobalObject::JSObjectWithGlobalObject (base class of InternalFunction)
> putAnonymousValue(GlobalObjectSlot, globalObject);
>
> Hm, shall this class should mark its "globalObject" ?
Its global object should be marked through the base JSObject::markChildren method (which marks all of the properties slots, including anon. storage)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list