[Webkit-unassigned] [Bug 79191] [JSC] The end atom of the marked block should be considered to decide if the cell is live
bugzilla-daemon at webkit.org
Wed Mar 7 11:35:57 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=79191
--- Comment #12 from Geoffrey Garen <ggaren at apple.com> 2012-03-07 11:35:56 PST ---
(From update of attachment 128150)
View in context: https://bugs.webkit.org/attachment.cgi?id=128150&action=review
> Source/JavaScriptCore/heap/MarkedBlock.h:324
> + if (atomNumber > m_endAtom) { // Filters pointers into invalid cells out of the range.
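Review bot: the trailing comment on the "atomNumber > m_endAtom" test at MarkedBlock.h:324 does not say which atom numbers are valid, so a reader cannot check the comparison operator against it. State the invariant directly, for example that only atoms below m_endAtom can hold cells, in line with the note on the m_endAtom declaration ("Always test for < m_endAtom"), and make the comparison agree with that statement.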
You need to check ">=", not ">". See the definition of m_endAtom:
size_t m_endAtom; // This is a fuzzy end. Always test for < m_endAtom.
> Source/JavaScriptCore/heap/MarkedBlock.h:325
> + ASSERT_NOT_REACHED();
Your data say this condition is possible and not an error, so please remove this ASSERT.