Skip to site navigation (Press enter)

[webkit-changes] [106999] trunk/Source/JavaScriptCore

barraclough Tue, 07 Feb 2012 15:43:35 -0800

Title: [106999] trunk/Source/_javascript_Core

Revision: 106999
Author: [email protected]
Date: 2012-02-07 15:43:28 -0800 (Tue, 07 Feb 2012)

Log Message

Crash on http://www.rickshawbags.com/
https://bugs.webkit.org/show_bug.cgi?id=78045


Reviewed by Darin Adler.

Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
        
This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
isVariableObject() checks were excluding StaticScopeObjects, this patch
inadvertently changed them to be included.

* runtime/JSType.h:
    - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
      and thus is excluded from isVariableObject() checks.

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/JSType.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (106998 => 106999)


--- trunk/Source/_javascript_Core/ChangeLog	2012-02-07 23:38:19 UTC (rev 106998)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-02-07 23:43:28 UTC (rev 106999)
@@ -1,3 +1,20 @@
+2012-02-07  Gavin Barraclough  <[email protected]>
+
+        Crash on http://www.rickshawbags.com/
+        https://bugs.webkit.org/show_bug.cgi?id=78045
+
+        Reviewed by Darin Adler.
+
+        Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
+        
+        This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
+        isVariableObject() checks were excluding StaticScopeObjects, this patch
+        inadvertently changed them to be included.
+
+        * runtime/JSType.h:
+            - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
+              and thus is excluded from isVariableObject() checks.
+
 2012-02-06  Jer Noble  <[email protected]>
 
         Use CMClock as a timing source for PlatformClock where available.

Modified: trunk/Source/_javascript_Core/runtime/JSType.h (106998 => 106999)


--- trunk/Source/_javascript_Core/runtime/JSType.h	2012-02-07 23:38:19 UTC (rev 106998)
+++ trunk/Source/_javascript_Core/runtime/JSType.h	2012-02-07 23:43:28 UTC (rev 106999)
@@ -49,11 +49,12 @@
     ErrorInstanceType,
     GlobalThisType,
 
-    // VariableObjectType must come before all of the types of its subclasses and only its subclasses.
+    StaticScopeObjectType,
+    // VariableObjectType must be less than MOST of the types of its subclasses and only its subclasses.
+    // We use >=VariableObjectType checks to test for Global & Activation objects, but exclude StaticScopes.
     VariableObjectType,
     GlobalObjectType,
     ActivationObjectType,
-    StaticScopeObjectType,
 };
 
 } // namespace JSC

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes