[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

ggaren at apple.com ggaren at apple.com
Wed Dec 22 17:49:20 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit f1f013607a092969234d173e89d950d5a8ab2a60
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Nov 30 22:57:02 2010 +0000

    Fixed a crash seen when using a PageAllocation to store itself.
    
    Reviewed by Gavin Barraclough.
    
    * wtf/PageAllocation.h:
    (WTF::PageAllocation::systemDeallocate): Zero out m_base before unmapping
    it, in case unmapping m_base unmaps the PageAllocation.
    
    * wtf/BumpPointerAllocator.h:
    (WTF::BumpPointerPool::destroy): Now this work-around isn't needed!
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72967 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 053afd2..8bbb8ef 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-11-30  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Fixed a crash seen when using a PageAllocation to store itself.
+
+        * wtf/PageAllocation.h:
+        (WTF::PageAllocation::systemDeallocate): Zero out m_base before unmapping
+        it, in case unmapping m_base unmaps the PageAllocation.
+
+        * wtf/BumpPointerAllocator.h:
+        (WTF::BumpPointerPool::destroy): Now this work-around isn't needed!
+
 2010-11-30  Xan Lopez  <xlopez at igalia.com>
 
         Reviewed by Darin Adler.
diff --git a/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
index a1e1c5c..b40d74e 100644
--- a/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -2446,6 +2446,7 @@
 			isa = PBXProject;
 			buildConfigurationList = 149C277108902AFE008A9EFC /* Build configuration list for PBXProject "JavaScriptCore" */;
 			compatibilityVersion = "Xcode 2.4";
+			developmentRegion = English;
 			hasScannedForEncodings = 1;
 			knownRegions = (
 				English,
diff --git a/JavaScriptCore/wtf/BumpPointerAllocator.h b/JavaScriptCore/wtf/BumpPointerAllocator.h
index 3deefe6..682283c 100644
--- a/JavaScriptCore/wtf/BumpPointerAllocator.h
+++ b/JavaScriptCore/wtf/BumpPointerAllocator.h
@@ -138,10 +138,7 @@ private:
 
     void destroy()
     {
-        // Don't call deallocate on allocation, because allocation is *inside* allocation,
-        // and it will get deallocated before deallocate has completed!
-        PageAllocation allocation = m_allocation;
-        allocation.deallocate();
+        m_allocation.deallocate();
     }
 
     static BumpPointerPool* ensureCapacityCrossPool(BumpPointerPool* previousPool, size_t size)
diff --git a/JavaScriptCore/wtf/PageAllocation.h b/JavaScriptCore/wtf/PageAllocation.h
index 26d53a5..c13821c 100644
--- a/JavaScriptCore/wtf/PageAllocation.h
+++ b/JavaScriptCore/wtf/PageAllocation.h
@@ -29,6 +29,7 @@
 #include <wtf/Assertions.h>
 #include <wtf/UnusedParam.h>
 #include <wtf/VMTags.h>
+#include <algorithm>
 
 #if OS(DARWIN)
 #include <mach/mach_init.h>
@@ -266,9 +267,11 @@ inline PageAllocation PageAllocation::systemAllocateAligned(size_t size, Usage u
 
 inline void PageAllocation::systemDeallocate(bool)
 {
-    int result = munmap(m_base, m_size);
+    void* tmp = 0;
+    std::swap(tmp, m_base);
+
+    int result = munmap(tmp, m_size);
     ASSERT_UNUSED(result, !result);
-    m_base = 0;
 }
 
 inline size_t PageAllocation::systemPageSize()
@@ -303,14 +306,16 @@ inline PageAllocation PageAllocation::systemAllocateAligned(size_t size, Usage u
 
 inline void PageAllocation::systemDeallocate(bool committed)
 {
+    void* tmp = 0;
+    std::swap(tmp, m_base);
+
 #if OS(WINCE)
     if (committed)
-        VirtualFree(m_base, m_size, MEM_DECOMMIT);
+        VirtualFree(tmp, m_size, MEM_DECOMMIT);
 #else
     UNUSED_PARAM(committed);
 #endif
-    VirtualFree(m_base, 0, MEM_RELEASE); 
-    m_base = 0;
+    VirtualFree(tmp, 0, MEM_RELEASE); 
 }
 
 inline size_t PageAllocation::systemPageSize()
@@ -338,9 +343,11 @@ inline PageAllocation PageAllocation::systemAllocate(size_t size, Usage usage, b
 
 inline void PageAllocation::systemDeallocate(bool)
 {
+    void* tmp = 0;
+    std::swap(tmp, m_base);
+
     m_chunk->Close();
     delete m_chunk;
-    m_base = 0;
 }
 
 inline size_t PageAllocation::systemPageSize()

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list