Title: [92050] trunk/Source/_javascript_Core
Revision: 92050
Author: [email protected]
Date: 2011-07-30 04:43:07 -0700 (Sat, 30 Jul 2011)

Log Message

MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
https://bugs.webkit.org/show_bug.cgi?id=65263

Reviewed by Dmitry Titov.

* wtf/Deque.h:
(WTF::::operator): Don't check the validity of an iterator
that will be reassigned right now.
* wtf/MessageQueue.h:
(WTF::::removeIf): Revert r51198 as I believe this is the better
solution for the problem that was solved by that.

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (92049 => 92050)


--- trunk/Source/_javascript_Core/ChangeLog	2011-07-30 07:16:09 UTC (rev 92049)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-07-30 11:43:07 UTC (rev 92050)
@@ -1,3 +1,17 @@
+2011-07-30  Balazs Kelemen  <[email protected]>
+
+        MessageQueue::waitForMessageFilteredWithTimeout can triggers an assertion
+        https://bugs.webkit.org/show_bug.cgi?id=65263
+
+        Reviewed by Dmitry Titov.
+
+        * wtf/Deque.h:
+        (WTF::::operator): Don't check the validity of an iterator
+        that will be reassigned right now.
+        * wtf/MessageQueue.h:
+        (WTF::::removeIf): Revert r51198 as I beleave this is the better
+        solution for the problem that was solved by that.
+
 2011-07-29  Filip Pizlo  <[email protected]>
 
         JSC GC zombie support no longer works, and is likely no longer needed.
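
Review bot: The new ChangeLog entry does not say which assertion fires or under what condition, and "Revert r51198 ... the problem that was solved by that" leaves the reader to look up both r51198 and the bug. Please add one sentence naming the failing check (the checkValidity() call on the assigned-to iterator in the Deque.h iterator operator=) and why it fires from MessageQueue, so the rationale survives in the log itself. While there, fix "can triggers" and "beleave".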

Modified: trunk/Source/_javascript_Core/wtf/Deque.h (92049 => 92050)


--- trunk/Source/_javascript_Core/wtf/Deque.h	2011-07-30 07:16:09 UTC (rev 92049)
+++ trunk/Source/_javascript_Core/wtf/Deque.h	2011-07-30 11:43:07 UTC (rev 92050)
@@ -613,7 +613,6 @@
     template<typename T, size_t inlineCapacity>
     inline DequeIteratorBase<T, inlineCapacity>& DequeIteratorBase<T, inlineCapacity>::operator=(const Base& other)
     {
-        checkValidity();
         other.checkValidity();
         removeFromIteratorsList();
 
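
Review bot: With `checkValidity();` removed, `removeFromIteratorsList()` still runs on the destination iterator, which by the stated intent may already be invalidated. Please confirm that call is safe for an iterator in that state, and leave a short comment at the removed line explaining that only `other` is validated because the destination is about to be overwritten. A unit test that assigns to an iterator invalidated by a removal would keep this from regressing.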

Modified: trunk/Source/_javascript_Core/wtf/MessageQueue.h (92049 => 92050)


--- trunk/Source/_javascript_Core/wtf/MessageQueue.h	2011-07-30 07:16:09 UTC (rev 92049)
+++ trunk/Source/_javascript_Core/wtf/MessageQueue.h	2011-07-30 11:43:07 UTC (rev 92050)
@@ -172,16 +172,12 @@
     inline void MessageQueue<DataType>::removeIf(Predicate& predicate)
     {
         MutexLocker lock(m_mutex);
-        // See bug 31657 for why this loop looks so weird
-        while (true) {
-            DequeConstIterator<DataType*> found = m_queue.findIf(predicate);
-            if (found == m_queue.end())
-                break;
-
+        DequeConstIterator<DataType*> found = m_queue.end();
+        while ((found = m_queue.findIf(predicate)) != m_queue.end()) {
             DataType* message = *found;
             m_queue.remove(found);
             delete message;
-       }
+        }
     }
 
     template<typename DataType>
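
Review bot: The rewritten loop in removeIf assigns to `found` in the `while` condition right after `m_queue.remove(found)`, so it is only assertion-free because of the Deque.h change in this same commit, yet the hunk deletes the "See bug 31657" comment without replacing it. Please add a comment stating that `found` is reused across iterations on purpose and that this relies on the iterator operator= not validating its destination, otherwise a later cleanup could restore the check and bring the assertion back. The initialisation `found = m_queue.end()` is overwritten before first use; a note that it exists only to allow the declaration outside the loop would help.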