<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
href="https://bugs.webkit.org/show_bug.cgi?id=156831#c5">Comment # 5</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
href="https://bugs.webkit.org/show_bug.cgi?id=156831">bug 156831</a>
from <span class="vcard"><a class="email" href="mailto:Hironori.Fujii@sony.com" title="Fujii Hironori <Hironori.Fujii@sony.com>"> <span class="fn">Fujii Hironori</span></a>
</span></b>
<pre>Thank you for reviewing my patch.
(In reply to <a href="show_bug.cgi?id=156831#c4">comment #4</a>)
<span class="quote">> Why is this an issue? Shouldn't both WebKit.dll and JavaScriptCore.dll be
> allocating/deallocating from the same heap of the process that loaded them?</span>
WebKit uses CRT static library.
In Source/cmake/OptionsWin.cmake:
<span class="quote">> # Use the multithreaded static runtime library instead of the default DLL runtime.
> string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}")</span>
Then,
Potential Errors Passing CRT Objects Across DLL Boundaries
<a href="https://msdn.microsoft.com/en-US/library/ms235460(v=vs.110).aspx">https://msdn.microsoft.com/en-US/library/ms235460(v=vs.110).aspx</a>
<span class="quote">> Also, because each copy of the CRT library has its own heap
> manager, allocating memory in one CRT library and passing the
> pointer across a DLL boundary to be freed by a different copy of
> the CRT library is a potential cause for heap corruption.</span></pre>
</div>
</p>
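<p>The failure mode described in the comment, as an added example that is not code from the WebKit bug, the patch, or the MSDN article: two independent mini-heaps stand in for two statically linked CRT copies, each with its own heap manager, and a free through the wrong copy is detected rather than corrupting the heap. The allocator names and the "release via the owner" routine are illustrative assumptions, not WebKit or CRT APIs.</p>

```c
/* Added example, not code from the WebKit bug or from MSDN: two independent
 * mini-heaps stand in for two statically linked CRT copies, one per DLL.
 * Each tracks the blocks it handed out, so a free() through the wrong copy
 * is reported instead of silently corrupting that heap's bookkeeping. */
#include <stdlib.h>

#define MAX_BLOCKS 64

typedef struct {
    void *live[MAX_BLOCKS];  /* blocks currently owned by this CRT copy */
    size_t count;
} heap_t;

/* malloc() of one CRT copy: records the block in that copy's table. */
void *heap_alloc(heap_t *h, size_t n) {
    if (h->count >= MAX_BLOCKS) return NULL;
    void *p = malloc(n);
    if (p) h->live[h->count++] = p;
    return p;
}

/* free() of one CRT copy: 0 on success, -1 if this copy never allocated the
 * block (the cross-DLL case); the foreign block is left untouched. */
int heap_free(heap_t *h, void *p) {
    for (size_t i = 0; i < h->count; i++) {
        if (h->live[i] == p) {
            h->live[i] = h->live[--h->count];
            free(p);
            return 0;
        }
    }
    return -1;
}

/* Bug scenario: JavaScriptCore's CRT allocates, WebKit's CRT frees. */
int cross_dll_free_detected(void) {
    heap_t jsc = {{0}, 0}, webkit = {{0}, 0};   /* hypothetical names */
    void *obj = heap_alloc(&jsc, 64);   /* e.g. JSGlobalObject storage */
    int rc = heap_free(&webkit, obj);   /* wrong heap manager: rejected */
    heap_free(&jsc, obj);               /* clean up through the owner */
    return rc == -1;
}

/* Mitigation: the allocating module exposes its own release path, so the
 * caller never hands the block to another CRT's free(). */
int release_via_owner_succeeds(void) {
    heap_t jsc = {{0}, 0};
    void *obj = heap_alloc(&jsc, 64);
    return heap_free(&jsc, obj) == 0 && jsc.count == 0;
}
```

<p>The real debug CRT reports the same condition as a heap-check failure at free time; the alternative fix the CMake snippet points at is linking both modules against one shared CRT (/MD) so there is only one heap manager.</p>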
</body>
</html>