[Webkit-unassigned] [Bug 156831] [WinCairo] heap corruption is detected when destructing JSGlobalObject
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 22 10:57:28 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=156831
Mark Lam <mark.lam at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #276896|review? |review-
Flags| |
--- Comment #6 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 276896
--> https://bugs.webkit.org/attachment.cgi?id=276896
Patch
(In reply to comment #5)
> Thank you for reviewing my patch.
>
> (In reply to comment #4)
> > Why is this an issue? Shouldn't both WebKit.dll and JavaScripCore.dll be
> > allocating/deallocating from the same heap of the process that loaded them?
>
> WebKit uses CRT static libarary.
> In Source/cmake/OptionsWin.cmake:
>
> > # Use the multithreaded static runtime library instead of the default DLL runtime.
> > string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}")
>
> Then,
>
> Potential Errors Passing CRT Objects Across DLL Boundaries
> https://msdn.microsoft.com/en-US/library/ms235460(v=vs.110).aspx
>
> > Also, because each copy of the CRT library has its own heap
> > manager, allocating memory in one CRT library and passing the
> > pointer across a DLL boundary to be freed by a different copy of
> > the CRT library is a potential cause for heap corruption.
This is the kind of good information that we should have in the ChangeLog to justify the change. Please add it. The fix to add WTF_MAKE_FAST_ALLOCATED looks good to me. I'll re-review after you've updated the patch.
r- for now.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160422/02274e2c/attachment.html>
More information about the webkit-unassigned
mailing list