[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
rjw
rjw at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:22:07 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit b5f11a61f3e1b35611404b82dfc447f6318c7d6a
Author: rjw <rjw at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 14 21:00:21 2004 +0000
Fixed 3529010.
Finalize may be called on a JSObject after we've already removed all our references. The assert in this case is firing because we've received a finalize call from Java for an instance that we no longer know about. The fix is to check in finalize that we're getting a call on an instance that we still care about.
Reviewed by John.
* bindings/jni_jsobject.cpp:
(addJavaReference):
(removeJavaReference):
(RootObject::removeAllJavaReferencesForRoot):
(JSObject::invoke):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5901 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index c0d66d1..6e7fb8a 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,17 @@
+2004-01-14 Richard Williamson <rjw at apple.com>
+
+ Fixed 3529010.
+
+ Finalize may be called on an JSObject after we've already remove all our references. The assert in this case is firing because we've received a finalize call from Java for an instance that we no longer know about. The fix is to check in finalize that we're getting a call on an instance that we still care about.
+
+ Reviewed by John.
+
+ * bindings/jni_jsobject.cpp:
+ (addJavaReference):
+ (removeJavaReference):
+ (RootObject::removeAllJavaReferencesForRoot):
+ (JSObject::invoke):
+
2004-01-13 Richard Williamson <rjw at apple.com>
Fixed 3528324.
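Review bot: the new ChangeLog entry lists (addJavaReference), (removeJavaReference) and (RootObject::removeAllJavaReferencesForRoot) with no per-function text, although in this patch those three only gain JS_LOG lines and the behavioural fix is confined to (JSObject::invoke). Annotate each function entry, for example "added logging" for the first three and "ignore finalize for instances we no longer track" for invoke, so a reader of the ChangeLog can tell which function carries the fix.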
diff --git a/JavaScriptCore/bindings/jni_jsobject.cpp b/JavaScriptCore/bindings/jni_jsobject.cpp
index 08e0696..b23c385 100644
--- a/JavaScriptCore/bindings/jni_jsobject.cpp
+++ b/JavaScriptCore/bindings/jni_jsobject.cpp
@@ -153,6 +153,8 @@ static const Bindings::RootObject *rootForImp (ObjectImp *imp)
static void addJavaReference (const Bindings::RootObject *root, ObjectImp *imp)
{
+ JS_LOG ("root = %p, imp %p\n", root, imp);
+
CFMutableDictionaryRef referencesDictionary = getReferencesDictionary (root);
unsigned int numReferences = (unsigned int)CFDictionaryGetValue (referencesDictionary, imp);
@@ -167,6 +169,7 @@ static void addJavaReference (const Bindings::RootObject *root, ObjectImp *imp)
static void removeJavaReference (ObjectImp *imp)
{
+ JS_LOG ("imp %p\n", imp);
CFMutableDictionaryRef referencesDictionary = findReferenceDictionary (imp);
unsigned int numReferences = (unsigned int)CFDictionaryGetValue (referencesDictionary, imp);
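Review bot: removeJavaReference passes the result of findReferenceDictionary (imp) straight to CFDictionaryGetValue on the following line, with no test for the 0 return that the new Finalize branch in JSObject::invoke treats as a real possibility. If removeJavaReference can be reached for an imp that is no longer tracked by any path other than the one guarded in invoke, add the same null test here and return early, so the function is safe on its own and does not depend on a caller-side check. The new JS_LOG would also be more useful after the lookup, where it could print the dictionary pointer alongside imp.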
@@ -306,6 +309,7 @@ void RootObject::setFindRootObjectForNativeHandleFunction(FindRootObjectForNativ
// Must be called when the applet is shutdown.
void RootObject::removeAllJavaReferencesForRoot (Bindings::RootObject *root)
{
+ JS_LOG ("_root == %p\n", root);
CFMutableDictionaryRef referencesDictionary = getReferencesDictionary (root);
if (referencesDictionary) {
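Review bot: the format string "_root == %p\n" in removeAllJavaReferencesForRoot does not match the parameter name root or the "root = %p" form used in the addJavaReference log line. Use one spelling for both so the add and remove-all events for the same root can be matched with a single search of the log.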
@@ -392,7 +396,15 @@ jvalue JSObject::invoke (JSObjectCallContext *context)
}
case Finalize: {
- JSObject(nativeHandle).finalize();
+ ObjectImp *imp = jlong_to_impptr(nativeHandle);
+ if (findReferenceDictionary(imp) == 0) {
+ // We may have received a finalize method call from the VM
+ // AFTER removing our last reference to the Java instance.
+ JS_LOG ("finalize called on instance we have already removed.\n");
+ }
+ else {
+ JSObject(nativeHandle).finalize();
+ }
break;
}
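Review bot: in the Finalize case, findReferenceDictionary(imp) == 0 only tests whether the pointer value decoded from nativeHandle is currently a key in some references dictionary, not that it still refers to the object the Java instance was created for. If an ObjectImp is released and the same address is later registered for a different Java reference, a late finalize for the old instance would pass this check and reach JSObject(nativeHandle).finalize() on the wrong object; consider whether the handle given to Java should be something that is invalidated on removal rather than the raw pointer. The check and the finalize call are also separate lookups, so if finalize can arrive on a different thread from RootObject::removeAllJavaReferencesForRoot, confirm that something serializes the two, and say so in the comment.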
--
WebKit Debian packaging