[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.21-584-g1e41756

ggaren at apple.com ggaren at apple.com
Fri Feb 26 22:20:17 UTC 2010


The following commit has been merged in the webkit-1.1 branch:
commit 6334f75672c62094ad550eb2ef0df9a2003085c4
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Feb 15 20:32:15 2010 +0000

    Fixed <rdar://problem/7628524> Crash beneath JSGlobalContextRelease when
    typing in Google search field with GuardMalloc/full page heap enabled
    
    Reviewed by Oliver Hunt.
    
    * API/JSContextRef.cpp: Don't use APIEntryShim, since that requires
    a JSGlobalData, which this function destroys. Do use setCurrentIdentifierTable
    and JSLock instead, since those are the two features of APIEntryShim we
    require.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@54785 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/API/JSContextRef.cpp b/JavaScriptCore/API/JSContextRef.cpp
index 6bdc3c8..2c76338 100644
--- a/JavaScriptCore/API/JSContextRef.cpp
+++ b/JavaScriptCore/API/JSContextRef.cpp
@@ -120,11 +120,13 @@ JSGlobalContextRef JSGlobalContextRetain(JSGlobalContextRef ctx)
 void JSGlobalContextRelease(JSGlobalContextRef ctx)
 {
     ExecState* exec = toJS(ctx);
-    APIEntryShim entryShim(exec, false);
+    JSLock lock(exec);
+
+    JSGlobalData& globalData = exec->globalData();
+    IdentifierTable* savedIdentifierTable = setCurrentIdentifierTable(globalData.identifierTable);
 
     gcUnprotect(exec->dynamicGlobalObject());
 
-    JSGlobalData& globalData = exec->globalData();
     if (globalData.refCount() == 2) { // One reference is held by JSGlobalObject, another added by JSGlobalContextRetain().
         // The last reference was released, this is our last chance to collect.
         globalData.heap.destroy();
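Review bot: the new `savedIdentifierTable` in this hunk is only put back at the very end of the function, with no RAII guard, so any early return added later between `setCurrentIdentifierTable(globalData.identifierTable)` and the restore would leave the thread's current identifier table pointing at a table owned by a `JSGlobalData` that this function may have already freed. Since the point of the change is that `APIEntryShim` cannot be used here, consider wrapping the save/restore pair in a small scoped helper (constructor saves and sets, destructor restores) so the restore is tied to scope exit rather than to control flow; also worth a one-line comment explaining why `JSLock` plus the identifier-table swap replaces the shim, since the `JSGlobalData& globalData` declaration moving above `gcUnprotect` is otherwise easy to misread as unrelated.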
@@ -132,6 +134,8 @@ void JSGlobalContextRelease(JSGlobalContextRef ctx)
         globalData.heap.collectAllGarbage();
 
     globalData.deref();
+
+    setCurrentIdentifierTable(savedIdentifierTable);
 }
 
 JSObjectRef JSContextGetGlobalObject(JSContextRef ctx)
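Review bot: the added `setCurrentIdentifierTable(savedIdentifierTable);` after `globalData.deref();` is in the right order, because the `deref()` may be the one that destroys the `JSGlobalData` (and with it `globalData.identifierTable`), so the restore must not read from `globalData` and must come after the deref rather than before it; a comment stating that nothing after `globalData.deref()` may touch `globalData` or `exec` would make that invariant explicit for the next person editing this function. The `JSLock lock(exec)` from the first hunk is also still alive at this point and is released only when the function returns; it would help to note that its destructor does not dereference `exec`, since `exec` belongs to the possibly destroyed `JSGlobalData`.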
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index c9cf5a1..2dc29c0 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-02-15  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fixed <rdar://problem/7628524> Crash beneath JSGlobalContextRelease when
+        typing in Google search field with GuardMalloc/full page heap enabled
+
+        * API/JSContextRef.cpp: Don't use APIEntryShim, since that requires
+        a JSGlobalData, which this function destroys. Do use setCurrentIdentifierTable
+        and JSLock instead, since those are the two features of APIEntryShim we
+        require.
+
 2010-02-15  Patrick Gansterer  <paroga at paroga.com>
 
         Reviewed by Laszlo Gombos.
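Review bot: the ChangeLog entry describes the crash and the fix but does not mention a test or a reproduction beyond "typing in Google search field with GuardMalloc/full page heap enabled"; a line noting whether a regression test was added, or why the use-after-free can only be exercised under GuardMalloc and is not covered by an automated test, would make the entry complete and easier to audit later.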

-- 
WebKit Debian packaging
