[Webkit-unassigned] [Bug 131682] Reproducible crash in JavaScriptCore: JSObjectMakeArray()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jan 25 18:23:05 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=131682

--- Comment #3 from Adam <adam.fedor at gmail.com> ---
Actually, now I think it might be just an issue with the example. I can't claim to know anything about how JavaScript works, but I think the newly created objects aren't on the stack, so the garbage collector doesn't know about them, so occasionally an object just gets deallocated. Doing something like this fixes the issue:

JSValueRef a = newVectorInstance();
valueArray[0] = a;
...etc...

Does anyone know if that's right or if there is another way to keep an object from being collected? (JSValueProtect/JSValueUnprotect also works, but it seems like that is if you want the objects to be global).
