[Webkit-unassigned] [Bug 70854] New: Tiered compilation may introduce dangling pointers in constant buffers
bugzilla-daemon at webkit.org
Tue Oct 25 14:39:38 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=70854
Summary: Tiered compilation may introduce dangling pointers in constant buffers
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
Constant buffers may contain heap pointers. This works because all pointers in constant buffers are also placed into the constants array. Tiered compilation always copies the constants array from the old code block to the new optimized one. But it does not do the same thing for constant buffers. Hence the optimized code's constant buffers may contain pointers not pinned by the constants array.
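As an added illustration (not code from WebKit and not the reporter's), the following toy C++ model shows the pinning invariant the report relies on: the collector scans only a code block's constants array, so every heap pointer held in a constant buffer is safe only while the same pointer also sits in that block's constants. All names here (HeapCell, CodeBlock, Heap, tierUpBuggy, tierUpFixed, runScenario) are invented, and the buggy tier-up's behaviour of rebuilding its buffers from freshly allocated cells is an assumption standing in for whatever populates the optimized block's buffers; what it reproduces is the end state the report describes, buffer pointers that the copied constants do not pin.

```cpp
// Toy model of "constant buffers are pinned only through the constants array".
// Not JavaScriptCore code; every identifier below is invented for illustration.
#include <cstddef>
#include <memory>
#include <set>
#include <utility>
#include <vector>

struct HeapCell {
    int id = 0;
    bool marked = false;
    bool freed = false;   // set by the sweep instead of really freeing (keeps the toy UB-free)
};

struct CodeBlock {
    std::vector<HeapCell*> constants;                    // scanned by the collector
    std::vector<std::vector<HeapCell*>> constantBuffers; // NOT scanned; relies on constants
};

struct Heap {
    std::vector<std::unique_ptr<HeapCell>> cells;
    int nextId = 0;

    HeapCell* allocate() {
        auto cell = std::make_unique<HeapCell>();
        cell->id = nextId++;
        HeapCell* raw = cell.get();
        cells.push_back(std::move(cell));
        return raw;
    }

    // Mark from the constants arrays of the live blocks only, then sweep:
    // anything unmarked is flagged as freed.
    void collect(const std::vector<const CodeBlock*>& liveBlocks) {
        for (auto& c : cells) c->marked = false;
        for (const CodeBlock* b : liveBlocks)
            for (HeapCell* p : b->constants) p->marked = true;
        for (auto& c : cells)
            if (!c->marked) c->freed = true;
    }
};

// Models bytecode generation for an array literal of heap constants: each
// pointer goes into a constant buffer AND into the constants array.
CodeBlock makeBaselineBlock(Heap& heap, int literalSize) {
    CodeBlock block;
    std::vector<HeapCell*> buffer;
    for (int i = 0; i < literalSize; ++i) {
        HeapCell* cell = heap.allocate();
        buffer.push_back(cell);
        block.constants.push_back(cell);  // this is what pins the pointer
    }
    block.constantBuffers.push_back(buffer);
    return block;
}

// Buggy tier-up as the report describes: constants are copied, buffers are not.
// ASSUMPTION for the toy: the optimized block then ends up with buffers whose
// pointers (fresh cells here) never reach its constants array.
CodeBlock tierUpBuggy(Heap& heap, const CodeBlock& baseline) {
    CodeBlock optimized;
    optimized.constants = baseline.constants;
    for (const auto& buf : baseline.constantBuffers) {
        std::vector<HeapCell*> rebuilt;
        for (std::size_t i = 0; i < buf.size(); ++i) rebuilt.push_back(heap.allocate());
        optimized.constantBuffers.push_back(rebuilt);
    }
    return optimized;
}

// Fixed tier-up: carry both tables across together, so the copied constants
// pin exactly the pointers the copied buffers hold.
CodeBlock tierUpFixed(const CodeBlock& baseline) {
    CodeBlock optimized;
    optimized.constants = baseline.constants;
    optimized.constantBuffers = baseline.constantBuffers;
    return optimized;
}

// Invariant check usable before any collection: buffer pointers not present
// in the same block's constants array.
std::size_t unpinnedBufferPointers(const CodeBlock& block) {
    std::set<const HeapCell*> pinned(block.constants.begin(), block.constants.end());
    std::size_t count = 0;
    for (const auto& buf : block.constantBuffers)
        for (const HeapCell* p : buf)
            if (!pinned.count(p)) ++count;
    return count;
}

// After a collection: buffer pointers that now reference swept cells.
std::size_t danglingBufferPointers(const CodeBlock& block) {
    std::size_t count = 0;
    for (const auto& buf : block.constantBuffers)
        for (const HeapCell* p : buf)
            if (p->freed) ++count;
    return count;
}

struct TierUpReport { std::size_t unpinned; std::size_t dangling; };

// Tier up a 3-element literal, collect with both blocks alive, and report.
TierUpReport runScenario(bool fixed) {
    Heap heap;
    CodeBlock baseline = makeBaselineBlock(heap, 3);
    CodeBlock optimized = fixed ? tierUpFixed(baseline) : tierUpBuggy(heap, baseline);
    std::size_t unpinned = unpinnedBufferPointers(optimized);
    heap.collect({&baseline, &optimized});
    return TierUpReport{unpinned, danglingBufferPointers(optimized)};
}
```

The useful part for a practitioner is `unpinnedBufferPointers`: it is the assertion one would place right after the code block copy, because it flags the broken invariant before a collection turns it into a dangling pointer, rather than leaving detection to whatever the freed memory happens to contain later.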