On Thu, Jan 23, 2014 at 12:27:10PM -0800, Chris Brannon wrote:
> I'm more and more convinced that the JavaScript crashes are related to
> GC and rooting, as Adam suspected.  The crashes I'm seeing are occurring
> in jsdom.c, and they seem to involve corruption of the JS heap, not the
> heap used for edbrowse strings and other data.
> Example: this one at line 1185 of jsdom.c from master:
>           v = JS_NewObject(jcx, cp, NULL, owner);
> One of the pointers passed in is apparently pointing to something that
> was freed long ago.  I don't think it's jcx or cp, so it must be owner.

If I remember correctly this is in domLink,
which I had to fix to get edbrowse past linking the body tag.

I've *hopefully* fixed the uo rooting (thanks for noticing that,
I'd removed the rooting when I ran into the NULL pointer problem but never put 
it back).

> So let's switch gears.  I've been working with Adam's code, and it still
> has GC / rooting issues.  From what I can tell, JS_DefineProperty can
> trigger a GC.  We should not be passing unrooted jsval as the fourth
> argument to JS_DefineProperty as this can also lead to a crash.

Yeah, I'm not sure how to work around this.

If you could test the latest code that'd be useful (corrected jwin and uo 
rooting).
I'm not sure it fixes the event handler bug,
but it's hopefully a step closer to stability.

Cheers,
Adam.
_______________________________________________
Edbrowse-dev mailing list
[email protected]
http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
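
The hazard discussed in this thread (a call that can trigger a GC being handed an unrooted value), shown as an added example that is not part of the original message or of edbrowse's code. It uses a toy mark-and-sweep pool; every name in it is hypothetical and none of it is SpiderMonkey API.

```c
#include <stdio.h>
#include <stddef.h>
/* Toy mark-and-sweep heap. Every name here is hypothetical, not SpiderMonkey API. */
#define POOL 8
typedef struct Obj { int live, marked; struct Obj *prop; } Obj;
static Obj pool[POOL];
static Obj **roots[POOL];   /* addresses of rooted local pointers */
static int nroots;
static void root(Obj **p) { roots[nroots++] = p; }

/* Mark an object and everything reachable through its property chain. */
static void mark(Obj *o) {
    while (o && o->live && !o->marked) { o->marked = 1; o = o->prop; }
}

/* Collect: any object not reachable from a root is reclaimed. */
static void gc(void) {
    for (int i = 0; i < nroots; i++) mark(*roots[i]);
    for (int i = 0; i < POOL; i++) {
        if (!pool[i].marked) pool[i].live = 0;
        pool[i].marked = 0;
    }
}

static Obj *new_obj(void) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].live) { pool[i] = (Obj){1, 0, NULL}; return &pool[i]; }
    return NULL;
}

/* Stand-in for a property-defining call that may collect before storing. */
static void define_property(Obj *owner, Obj *value) {
    gc();
    owner->prop = value;   /* dangling if value was just reclaimed */
}

/* Returns 1 if the value is still live after define_property, 0 if collected. */
int value_survives(int root_value) {
    nroots = 0;
    for (int i = 0; i < POOL; i++) pool[i].live = 0;
    Obj *owner = new_obj(), *value = new_obj();
    root(&owner);
    if (root_value) root(&value);
    define_property(owner, value);
    return value->live;
}

int main(void) {
    printf("unrooted: %d, rooted: %d\n", value_survives(0), value_survives(1));
}
```

In the unrooted case the owner ends up holding a pointer to a reclaimed slot, which is the kind of stale reference that surfaces later as a crash in an unrelated allocation.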