[Webkit-unassigned] [Bug 122277] Missing NULL check at destruct API of VectorDestructor

bugzilla-daemon at webkit.org
Sun Oct 6 08:31:47 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=122277





--- Comment #14 from Anders Carlsson <andersca at apple.com>  2013-10-06 08:30:39 PST ---
(In reply to comment #13)
> Even after m_styleSheetsForStyleSheetList.swap(activeStyleSheets), activeStyleSheets size value preserved when updateActiveStyleSheets returns.
> However, when destructor tries to delete elements, it had been cleared by swap call. That's why crash happens.
> 
> I couldn't understand why swap call needed because both local variables could be destroyed when it returns.

Swap is used for performance reasons since copying a vector is expensive. 

If you look at http://trac.webkit.org/browser/trunk/Source/WTF/wtf/Vector.h#L667 you do see that swap correctly swaps m_size so this has got to be a compiler bug. I suggest you build with vectorization turned off.

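The point made in comment #14, that a vector swap must exchange the size together with the buffer because the destructor walks `m_size` elements, shown as an added example that is not WebKit code and not code from this thread. `MiniVector`, `Tracked` and `swapExchangesSizes` are hypothetical names, and the fixed-capacity design is an assumption made to keep the example short.

```cpp
#include <cstddef>
#include <new>
#include <utility>

// Counts live instances so a missed or repeated destructor call is visible.
struct Tracked {
    static int live;
    Tracked() { ++live; }
    Tracked(const Tracked&) { ++live; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;

// MiniVector is hypothetical: a fixed-capacity stand-in, not WTF::Vector.
template <typename T>
class MiniVector {
public:
    explicit MiniVector(size_t cap)
        : m_buffer(static_cast<T*>(::operator new(cap * sizeof(T)))), m_capacity(cap) {}
    MiniVector(const MiniVector&) = delete;
    MiniVector& operator=(const MiniVector&) = delete;
    ~MiniVector() {
        // The destructor trusts m_size, so it must describe m_buffer exactly.
        for (size_t i = 0; i < m_size; ++i) m_buffer[i].~T();
        ::operator delete(m_buffer);
    }
    bool append(const T& v) {
        if (m_size == m_capacity) return false;  // full: refuse rather than overrun
        new (m_buffer + m_size++) T(v);
        return true;
    }
    // O(1) exchange: buffer, capacity and size move together, no element copies.
    void swap(MiniVector& other) {
        std::swap(m_buffer, other.m_buffer);
        std::swap(m_capacity, other.m_capacity);
        std::swap(m_size, other.m_size);
    }
    size_t size() const { return m_size; }
private:
    T* m_buffer;
    size_t m_capacity, m_size = 0;
};

// Fill a local vector, swap it into a longer-lived one, then let both destruct.
bool swapExchangesSizes() {
    MiniVector<Tracked> member(4), local(8);
    member.append(Tracked());
    for (int i = 0; i < 5; ++i) local.append(Tracked());
    member.swap(local);
    return member.size() == 5 && local.size() == 1;
}
```

If `Tracked::live` is nonzero after `swapExchangesSizes()` returns, a size and a buffer went out of step somewhere between the swap and the destructors.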