[Webkit-unassigned] [Bug 135143] JSLock release should only modify the AtomicStringTable if it modified in acquire
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jul 21 19:34:33 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=135143
Joseph Pecoraro <joepeck at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #235264| |review?, commit-queue?
Flag| |
--- Comment #1 from Joseph Pecoraro <joepeck at webkit.org> 2014-07-21 19:34:48 PST ---
Created an attachment (id=235264)
--> (https://bugs.webkit.org/attachment.cgi?id=235264&action=review)
[PATCH] Proposed Fix
I have been trying to create a test for this but it is proving difficult.
My plan is to create a JSContext on a non-main thread (so a non-main AtomicStringTable), delete the JSContext on the main thread (such that JSLock would have unbalanced lock and release leaving the wrong AtomicStringTable). But it seems I'm missing some complexity. In any case, the reproducible case I have (a larger application) reproduced the issue reliably.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list