[Webkit-unassigned] [Bug 156831] [WinCairo] heap corruption is detected when destructing JSGlobalObject
bugzilla-daemon at webkit.org
Thu Apr 21 11:30:14 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=156831
--- Comment #4 from Mark Lam <mark.lam at apple.com> ---
(In reply to comment #2)
> This is caused by the heaps mismatch of allocating and deallocating:
> allocating in the heap of WebKit.dll, but deallocating in JavaScriptCore.dll.
>
> JSGlobalObject::createRareDataIfNeeded is inlined,
> but JSGlobalObject::~JSGlobalObject is not inlined.
Why is this an issue? Shouldn't both WebKit.dll and JavaScriptCore.dll be allocating/deallocating from the same heap of the process that loaded them?
Can you please elaborate?
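Modelled on the scenario in comment #2, as an added C++ example that is not WebKit's code: two simulated module heaps each record the blocks they hand out, so a free that reaches the wrong heap is reported instead of silently corrupting memory. The names ModuleHeap, GlobalObjectSim, RareData and the two heap globals are stand-ins; on Windows the separate heaps arise when each DLL links its own copy of the C runtime, which this model only approximates.

```cpp
// Model of the cross-DLL heap mismatch (added example, not WebKit code): each
// simulated module owns a heap that records the blocks it handed out.
#include <cstddef>
#include <set>

struct ModuleHeap {
    std::set<void*> live;  // blocks this heap handed out and still owns
    void* alloc(std::size_t n) { void* p = ::operator new(n); live.insert(p); return p; }
    // Refuses (returns false) to free a pointer that another module's heap owns.
    bool release(void* p) {
        if (!live.erase(p)) return false;
        ::operator delete(p);
        return true;
    }
};
ModuleHeap webkitHeap;  // stands in for WebKit.dll's heap
ModuleHeap jscHeap;     // stands in for JavaScriptCore.dll's heap
struct RareData { int payload[4]; };  // stand-in for JSGlobalObject's rare data

// Stand-in for JSGlobalObject. createRareDataIfNeeded() is inline, so it runs
// (and allocates) in whichever module calls it; the destructor is out of line
// and always frees inside JavaScriptCore.dll.
struct GlobalObjectSim {
    RareData* rareData = nullptr;
    bool destructorOk = true;
    void createRareDataIfNeeded(ModuleHeap& callerHeap) {
        if (!rareData) rareData = static_cast<RareData*>(callerHeap.alloc(sizeof(RareData)));
    }
    void destroy() {  // models ~JSGlobalObject running in JavaScriptCore.dll
        destructorOk = jscHeap.release(rareData);
        rareData = nullptr;
    }
};
// Buggy pattern: WebKit.dll's inlined copy allocates, JSC's destructor frees.
bool mismatchedPattern() {
    GlobalObjectSim g;
    g.createRareDataIfNeeded(webkitHeap);
    RareData* orphan = g.rareData;
    g.destroy();
    webkitHeap.release(orphan);  // tidy up the block the wrong heap refused
    return g.destructorOk;       // false: the free reached the wrong heap
}

// Fixed pattern: allocation and deallocation both go through JSC's heap.
bool matchedPattern() {
    GlobalObjectSim g;
    g.createRareDataIfNeeded(jscHeap);
    g.destroy();
    return g.destructorOk;  // true
}
```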