[Webkit-unassigned] [Bug 69148] Crash due to out of bounds read/write in MarkedSpace

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 30 12:57:58 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=69148

--- Comment #2 from Geoffrey Garen <ggaren at apple.com>  2011-09-30 12:57:58 PST ---
The bug here is that 952 is bigger than the biggest object the Heap can allocate. Another bug is that the Heap's object size assertions did not kick in, since they assume that the Heap can allocate up to maxCellSize, when in reality it can only allocate up to maxCellSize - impreciseStep.

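A small model of the size-class table, added here as an illustration and not WebKit's code: the loose check is stated in terms of maxCellSize while the imprecise bins stop at maxCellSize - impreciseStep, so a 952-byte request passes the check but has no bin behind it. The constants, the bin layout and the index arithmetic are assumptions made for the model, not values taken from WebKit.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

struct SizeClass { size_t cellSize = 0; };   // one allocation bin
class MarkedSpaceModel {
public:
    // Illustrative constants (assumed for this model, not WebKit's real values).
    static constexpr size_t preciseStep = 16;
    static constexpr size_t preciseCutoff = 128;
    static constexpr size_t impreciseStep = 128;
    static constexpr size_t maxCellSize = 1024;

    MarkedSpaceModel() {
        for (size_t cellSize = preciseStep; cellSize <= preciseCutoff; cellSize += preciseStep)
            m_preciseSizeClasses.push_back({cellSize});
        // The imprecise bins stop one step short of maxCellSize, so the largest
        // cell that actually exists is maxCellSize - impreciseStep.
        for (size_t cellSize = preciseCutoff + impreciseStep; cellSize < maxCellSize; cellSize += impreciseStep)
            m_impreciseSizeClasses.push_back({cellSize});
    }
    // The real bound, derived from the bins that were set up rather than restated.
    size_t largestAllocatable() const { return m_impreciseSizeClasses.back().cellSize; }
    // Loose check of the kind the comment describes: admits sizes no bin serves.
    static bool looseCheck(size_t bytes) { return bytes && bytes <= maxCellSize; }
    // Tight check: agrees with the table, so nothing indexes past its end.
    bool tightCheck(size_t bytes) const { return bytes && bytes <= largestAllocatable(); }
    // Bin lookup guarded by the tight check; nullptr instead of an out-of-bounds read.
    const SizeClass* sizeClassFor(size_t bytes) const {
        if (!tightCheck(bytes))
            return nullptr;
        if (bytes <= preciseCutoff)
            return &m_preciseSizeClasses[(bytes - 1) / preciseStep];
        return &m_impreciseSizeClasses[(bytes - preciseCutoff - 1) / impreciseStep];
    }
private:
    std::vector<SizeClass> m_preciseSizeClasses;
    std::vector<SizeClass> m_impreciseSizeClasses;
};

int main() {
    MarkedSpaceModel space;
    // 952 (the size from the bug report) passes the loose check but has no bin.
    assert(MarkedSpaceModel::looseCheck(952));
    assert(!space.tightCheck(952));
    assert(space.largestAllocatable() == MarkedSpaceModel::maxCellSize - MarkedSpaceModel::impreciseStep);
    return 0;
}
```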
