<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
   href="https://bugs.webkit.org/show_bug.cgi?id=156831#c4">Comment # 4</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
   href="https://bugs.webkit.org/show_bug.cgi?id=156831">bug 156831</a>
              from <span class="vcard"><a class="email" href="mailto:mark.lam&#64;apple.com" title="Mark Lam &lt;mark.lam&#64;apple.com&gt;"> <span class="fn">Mark Lam</span></a>
</span></b>
        <pre>(In reply to <a href="show_bug.cgi?id=156831#c2">comment #2</a>)
<span class="quote">&gt; This is caused by the heaps mismatch of allocating and deallocating.
&gt; Allocating in the heap of WebKit.dll, but Deallocating in JavaScriptCore.dll.
&gt; 
&gt; JSGlobalObject::createRareDataIfNeeded is inlined,
&gt; but JSGlobalObject::~JSGlobalObject is not inlined.</span >

Why is this an issue?  Shouldn't both WebKit.dll and JavaScripCore.dll be allocating/deallocating from the same heap of the process that loaded them?

Can you please elaborate?</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>