<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:mark.lam@apple.com" title="Mark Lam <mark.lam@apple.com>"> <span class="fn">Mark Lam</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
href="https://bugs.webkit.org/show_bug.cgi?id=156831">bug 156831</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Attachment #276896 Flags</td>
<td>review?
</td>
<td>review-
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
href="https://bugs.webkit.org/show_bug.cgi?id=156831#c6">Comment # 6</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
href="https://bugs.webkit.org/show_bug.cgi?id=156831">bug 156831</a>
from <span class="vcard"><a class="email" href="mailto:mark.lam@apple.com" title="Mark Lam <mark.lam@apple.com>"> <span class="fn">Mark Lam</span></a>
</span></b>
<pre>Comment on <span class=""><a href="attachment.cgi?id=276896&action=diff" name="attach_276896" title="Patch">attachment 276896</a> <a href="attachment.cgi?id=276896&action=edit" title="Patch">[details]</a></span>
Patch
(In reply to <a href="show_bug.cgi?id=156831#c5">comment #5</a>)
<span class="quote">> Thank you for reviewing my patch.
>
> (In reply to <a href="show_bug.cgi?id=156831#c4">comment #4</a>)
> > Why is this an issue? Shouldn't both WebKit.dll and JavaScriptCore.dll be
> > allocating/deallocating from the same heap of the process that loaded them?
>
> WebKit uses CRT static library.
> In Source/cmake/OptionsWin.cmake:
>
> > # Use the multithreaded static runtime library instead of the default DLL runtime.
> > string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}")
>
> Then,
>
> Potential Errors Passing CRT Objects Across DLL Boundaries
> <a href="https://msdn.microsoft.com/en-US/library/ms235460(v=vs.110).aspx">https://msdn.microsoft.com/en-US/library/ms235460(v=vs.110).aspx</a>
>
> > Also, because each copy of the CRT library has its own heap
> > manager, allocating memory in one CRT library and passing the
> > pointer across a DLL boundary to be freed by a different copy of
> > the CRT library is a potential cause for heap corruption.</span>
This is the kind of good information that we should have in the ChangeLog to justify the change. Please add it. The fix to add WTF_MAKE_FAST_ALLOCATED looks good to me. I'll re-review after you've updated the patch.
r- for now.</pre>
</div>
</p>
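<div>
<p>Added example, not code from the patch or from WebKit: a single-file C++ simulation of the problem the quoted MSDN text describes and of what a WTF_MAKE_FAST_ALLOCATED-style fix buys. The three Heap objects standing in for the two statically linked CRT copies and for WTF's fastMalloc heap, the EXAMPLE_MAKE_FAST_ALLOCATED macro, and the function names are all constructed for illustration; a real CRT would corrupt its free lists when handed a block from another heap, where the simulation only counts the foreign free.</p>

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>
#include <unordered_set>

// Constructed stand-in for one CRT heap manager. In a process where each DLL
// links the CRT statically (/MT), every DLL carries its own copy of this.
struct Heap {
    std::unordered_set<void*> owned;
    int foreignFrees = 0;   // frees of blocks this heap never handed out

    void* alloc(std::size_t n) {
        void* p = std::malloc(n);
        owned.insert(p);
        return p;
    }
    // A real CRT would corrupt its internal structures here; the simulation
    // refuses the free and counts it instead.
    bool release(void* p) {
        if (!owned.erase(p)) { ++foreignFrees; return false; }
        std::free(p);
        return true;
    }
};

Heap jscCrtHeap;     // CRT copy linked into JavaScriptCore.dll (simulated)
Heap webkitCrtHeap;  // CRT copy linked into WebKit.dll (simulated)
Heap wtfFastHeap;    // WTF's fastMalloc heap, shared by both modules (simulated)

// Before the fix: plain new/delete resolve to whichever CRT copy the calling
// module was linked against.
struct PlainObject { int payload = 0; };

// Simplified stand-in for WTF_MAKE_FAST_ALLOCATED: class-scoped operator
// new/delete, so every new/delete of this class reaches the same allocator
// regardless of which module issues the call.
#define EXAMPLE_MAKE_FAST_ALLOCATED                                         \
    void* operator new(std::size_t n) { return wtfFastHeap.alloc(n); }       \
    void operator delete(void* p) noexcept { wtfFastHeap.release(p); }

struct FastAllocatedObject {
    EXAMPLE_MAKE_FAST_ALLOCATED
    int payload = 0;
};

// JavaScriptCore.dll creates the object with its own CRT; WebKit.dll later
// destroys it with its own CRT. Returns how many frees crossed heaps.
int crossHeapDeleteMismatches() {
    int before = webkitCrtHeap.foreignFrees;
    void* raw = jscCrtHeap.alloc(sizeof(PlainObject));
    PlainObject* obj = new (raw) PlainObject;   // placement-new: construct only
    obj->~PlainObject();
    webkitCrtHeap.release(obj);                 // wrong CRT copy frees the block
    int mismatches = webkitCrtHeap.foreignFrees - before;
    jscCrtHeap.release(obj);                    // return the block to its real owner
    return mismatches;
}

// With class-scoped allocation, allocation in one module and deletion in
// another both reach wtfFastHeap, so nothing crosses a CRT boundary.
int fastAllocatedDeleteMismatches() {
    int before = wtfFastHeap.foreignFrees;
    FastAllocatedObject* obj = new FastAllocatedObject;  // via wtfFastHeap
    delete obj;                                          // also via wtfFastHeap
    return wtfFastHeap.foreignFrees - before;
}

// True when every block wtfFastHeap handed out has been returned to it.
bool fastHeapBalanced() { return wtfFastHeap.owned.empty(); }
```

<p>The point the simulation makes is that the class-scoped operator new/delete pair travels with the type, not with the caller: a plain <code>delete</code> issued from WebKit.dll on a JSGlobalObject-style object still lands in the allocator the class designates, which is why adding WTF_MAKE_FAST_ALLOCATED removes the cross-CRT free without touching any call site.</p>
</div>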
</body>
</html>