[Webkit-unassigned] [Bug 115058] Assert in JSC::Heap::unprotect when closing facebook.com web site
bugzilla-daemon at webkit.org
Wed Apr 24 12:24:30 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=115058
Stephen <sfcheng at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sfcheng at gmail.com
--- Comment #2 from Stephen <sfcheng at gmail.com> 2013-04-24 12:22:50 PST ---
Do you have a patch to share for it?
By the way, I've found this similar bug report: https://bugs.webkit.org/show_bug.cgi?id=89809. Among the changeset 121098, the modification done to Heap.cpp inside Heap::protect and Heap::unprotect is particularly interesting (check http://trac.webkit.org/changeset/121098/trunk/Source/JavaScriptCore/heap/Heap.cpp).
The one condition assert was modified into a two condition assert in this patch as shown below:
ASSERT(JSLock::currentThreadIsHoldingLock() || !m_globalData->isSharedInstance());
Somehow, the 2nd condition is removed again in the trunk version. If I add back the 2nd condition, it does stop the crash. This is just for your information. I don't really know what I am doing at all.
(In reply to comment #1)
> The way to fix this is to put a JSLock inside ScriptController::~ScriptController.