[Webkit-unassigned] [Bug 79191] [JSC] The end atom of the marked block should be considered to decide if the cell is live

bugzilla-daemon at webkit.org
Wed Mar 7 11:35:57 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=79191





--- Comment #12 from Geoffrey Garen <ggaren at apple.com>  2012-03-07 11:35:56 PST ---
(From update of attachment 128150)
View in context: https://bugs.webkit.org/attachment.cgi?id=128150&action=review

> Source/JavaScriptCore/heap/MarkedBlock.h:324
> +        if (atomNumber > m_endAtom) { // Filters pointers into invalid cells out of the range.
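Review bot: the inline comment on the `if (atomNumber > m_endAtom)` line does not say which boundary value is rejected, and that boundary is where this filter is fragile. Reword it to state the rule from the m_endAtom declaration (only atoms `< m_endAtom` are in range) so the comparison operator can be checked against the comment at a glance.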

You need to check ">=", not ">". See the definition of m_endAtom:

        size_t m_endAtom; // This is a fuzzy end. Always test for < m_endAtom.

> Source/JavaScriptCore/heap/MarkedBlock.h:325
> +            ASSERT_NOT_REACHED();

Your data say this condition is possible and not an error, so please remove this ASSERT.
