Reviewers: iposva, Kasper Lund, Description: Fix unsafe use of DescriptorWriter across allocation.
DescriptorWriters hold a raw pointer to the descriptor array and they are therefore not GC safe. Please review this at http://codereview.chromium.org/149304 SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/ Affected files: M src/factory.cc Index: src/factory.cc =================================================================== --- src/factory.cc (revision 2380) +++ src/factory.cc (working copy) @@ -594,7 +594,10 @@ if (result->LinearSearch(*key, descriptor_count) == DescriptorArray::kNotFound) { CallbacksDescriptor desc(*key, *entry, entry->property_attributes()); - w.Write(&desc); + // Do not use the DescriptorWriter 'w' here. SymbolFromString + // can cause allocations and a DescriptorWriter holds a raw + // pointer to the descriptor array and is therefore not GC safe. + result->Set(descriptor_count, &desc); descriptor_count++; } else { duplicates++;
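Review bot: at the replaced `w.Write(&desc);` line, the only thing keeping the stale writer from being used again is the new comment, since `w` is evidently still in scope there. Consider ending the scope of `w` (for example with a nested block around the code that legitimately uses it) before the loop that reaches SymbolFromString, so that a later edit cannot reintroduce a write through the raw descriptor-array pointer after an allocation. The comment says "here" but the SymbolFromString call is outside the visible context, so naming where it is called would make the hazard easier to follow. Please also confirm that `descriptor_count` is the same slot the writer would have written to, because `result->Set(descriptor_count, &desc);` now depends on that index being correct.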
