[Webkit-unassigned] [Bug 156831] [WinCairo] heap corruption is detected when destructing JSGlobalObject

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 21 21:08:05 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=156831

--- Comment #5 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Thank you for reviewing my patch.

(In reply to comment #4)
> Why is this an issue?  Shouldn't both WebKit.dll and JavaScriptCore.dll be
> allocating/deallocating from the same heap of the process that loaded them?

WebKit uses the static CRT library.
In Source/cmake/OptionsWin.cmake:

> # Use the multithreaded static runtime library instead of the default DLL runtime.
> string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}")

Then,

Potential Errors Passing CRT Objects Across DLL Boundaries
https://msdn.microsoft.com/en-US/library/ms235460(v=vs.110).aspx

> Also, because each copy of the CRT library has its own heap
> manager, allocating memory in one CRT library and passing the
> pointer across a DLL boundary to be freed by a different copy of
> the CRT library is a potential cause for heap corruption.
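The comment above explains the hazard only in words: with `/MT`, each DLL carries its own copy of the CRT, each copy has its own heap manager, and a block allocated by one copy and freed by another corrupts the heap. The following C program is an added illustration, not code from the bug report or from WebKit: it models two independent heap managers (the hypothetical `jsc_heap` and `webkit_heap`) that stamp every block with an ownership tag, so that a cross-heap free is detected and reported instead of silently trampling the other allocator's bookkeeping as a real CRT would. It also shows the usual fix, which is to export a matching destroy routine so that memory is released in the module that allocated it.

```c
/* Added example (not WebKit's code): simulate two statically linked CRT
 * heap managers to show why freeing a block through a different heap is a
 * corruption hazard, and why the fix is to free memory in the module that
 * allocated it. Heap names and tags below are constructed for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Each "heap" writes its own tag into a header in front of every block,
 * the way a real allocator keeps bookkeeping it expects to be intact. */
typedef struct Heap {
    const char *name;
    uint32_t tag;
    size_t live_blocks;
} Heap;

typedef struct BlockHeader {
    uint32_t tag;   /* which heap owns this block */
    uint32_t size;  /* payload size requested by the caller */
} BlockHeader;

static void *heap_alloc(Heap *h, size_t size) {
    BlockHeader *hdr = malloc(sizeof *hdr + size);
    if (!hdr) return NULL;
    hdr->tag = h->tag;
    hdr->size = (uint32_t)size;
    h->live_blocks++;
    return hdr + 1;                  /* hand out the payload after the header */
}

/* Returns 0 on a correct free, -1 when the block belongs to another heap.
 * A real CRT has no such check: it trusts the header and corrupts its own
 * free lists, which is the heap corruption the bug report describes. */
static int heap_free(Heap *h, void *p) {
    if (!p) return 0;
    BlockHeader *hdr = (BlockHeader *)p - 1;
    if (hdr->tag != h->tag) {
        fprintf(stderr, "%s: block %p (%u bytes) was not allocated by this heap\n",
                h->name, p, hdr->size);
        return -1;
    }
    h->live_blocks--;
    free(hdr);
    return 0;
}

/* Two modules, each statically linked against its own CRT copy (/MT). */
static Heap jsc_heap    = { "JavaScriptCore.dll CRT (simulated)", 0x4A534331u, 0 };
static Heap webkit_heap = { "WebKit.dll CRT (simulated)",         0x57454231u, 0 };

/* JavaScriptCore side: allocates a string from its own CRT heap... */
static char *jsc_create_string(const char *text) {
    char *s = heap_alloc(&jsc_heap, strlen(text) + 1);
    if (s) strcpy(s, text);
    return s;
}

/* ...and the fix: an exported destroy routine, so the release happens in the
 * same module (and therefore the same CRT heap) as the allocation. */
static int jsc_destroy_string(char *s) {
    return heap_free(&jsc_heap, s);
}

/* Hazard: the WebKit side frees a JSC-owned block with its own CRT's free(). */
static int cross_dll_free(void) {
    char *s = jsc_create_string("hello");
    int rc = heap_free(&webkit_heap, s);   /* wrong heap: detected, returns -1 */
    jsc_destroy_string(s);                 /* release through the real owner */
    return rc;
}

/* Fix: release through the exporting module's own destroy routine. */
static int same_dll_free(void) {
    char *s = jsc_create_string("hello");
    return jsc_destroy_string(s);          /* returns 0, no leak, no corruption */
}

int main(void) {
    printf("cross-DLL free: %d\n", cross_dll_free());
    printf("same-DLL free:  %d\n", same_dll_free());
    printf("JSC live blocks after both: %zu\n", jsc_heap.live_blocks);
    return 0;
}
```

The ownership tag stands in for the per-CRT bookkeeping a real heap manager keeps; a mismatch is only detectable here because the simulation checks for it. The practical defence is the one the exported `jsc_destroy_string` shows: every module that hands out CRT-allocated memory also exports the routine that releases it, and callers in other DLLs never pass such pointers to their own `free` or `delete`.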
