| commit | cf11a6989ab4b6984c85332b8d39ddd497842d10 | |
| author | andersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> | |
| Fri, 23 May 2008 23:44:40 +0000 (23 23:44 +0000) | ||
| committer | andersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> | |
| Fri, 23 May 2008 23:44:40 +0000 (23 23:44 +0000) | ||
| tree | 370d945be52e993d7f16f5721abadff37521deb3 | treesnapshot (tar.gz zip) |
| parent | 9e618fac9d480c8f439094c0919c2b86cc7c2c82 | commitdiff |
2008-05-23 Anders Carlsson <andersca@apple.com>
Reviewed by Geoff.
<rdar://problem/5959886> REGRESSION: Assertion failure in JSImmediate::toString when loading GMail (19217)
Change List to store a JSValue*** pointer + an offset instead of a JSValue** pointer to protect against the case where
a register file changes while a list object points to its buffer.
* VM/Machine.cpp:
(KJS::Machine::privateExecute):
* kjs/JSActivation.cpp:
(KJS::JSActivation::createArgumentsObject):
* kjs/list.cpp:
(KJS::List::getSlice):
* kjs/list.h:
(KJS::List::List):
(KJS::List::at):
(KJS::List::append):
(KJS::List::begin):
(KJS::List::end):
(KJS::List::buffer):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34095 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed by Geoff.
<rdar://problem/5959886> REGRESSION: Assertion failure in JSImmediate::toString when loading GMail (19217)
Change List to store a JSValue*** pointer + an offset instead of a JSValue** pointer to protect against the case where
a register file changes while a list object points to its buffer.
* VM/Machine.cpp:
(KJS::Machine::privateExecute):
* kjs/JSActivation.cpp:
(KJS::JSActivation::createArgumentsObject):
* kjs/list.cpp:
(KJS::List::getSlice):
* kjs/list.h:
(KJS::List::List):
(KJS::List::at):
(KJS::List::append):
(KJS::List::begin):
(KJS::List::end):
(KJS::List::buffer):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34095 268f45cc-cd09-0410-ab3c-d52691b4dbfc