Title: [148106] trunk/Source/JavaScriptCore
- Revision: 148106
- Author: [email protected]
- Date: 2013-04-10 10:47:44 -0700 (Wed, 10 Apr 2013)
Log Message
REGRESSION (r148073): WebKit Nightly r148082 crashes on launch in JSObjectSetPrivate
https://bugs.webkit.org/show_bug.cgi?id=114341
Reviewed by Alexey Proskuryakov.
Make JSObjectSetPrivate use uncheckedToJS as some clients
clear their private data during finalization for some reason.
* API/JSObjectRef.cpp:
(JSObjectSetPrivate):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/API/JSObjectRef.cpp (148105 => 148106)
--- trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2013-04-10 17:13:40 UTC (rev 148105)
+++ trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2013-04-10 17:47:44 UTC (rev 148106)
@@ -356,7 +356,7 @@
bool JSObjectSetPrivate(JSObjectRef object, void* data)
{
- JSObject* jsObject = toJS(object);
+ JSObject* jsObject = uncheckedToJS(object);
if (jsObject->inherits(&JSCallbackObject<JSGlobalObject>::s_info)) {
jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivate(data);
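Review bot: The switch to uncheckedToJS at the top of JSObjectSetPrivate carries no comment saying why this one entry point skips the check that toJS performs, so a later cleanup could restore toJS and bring back the crash from bug 114341. Add a short comment above the line stating that clients call this function during finalization to clear their private data. The following lines, jsObject->inherits(...) and setPrivate(data), now run on an object that may be mid-finalization; confirm both are safe in that state, and add an API test that calls JSObjectSetPrivate from a finalize callback so the case stays covered.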
Modified: trunk/Source/_javascript_Core/ChangeLog (148105 => 148106)
--- trunk/Source/_javascript_Core/ChangeLog 2013-04-10 17:13:40 UTC (rev 148105)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-04-10 17:47:44 UTC (rev 148106)
@@ -1,3 +1,16 @@
+2013-04-10 Oliver Hunt <[email protected]>
+
+ REGRESSION (r148073): WebKit Nightly r148082 crashes on launch in JSObjectSetPrivate
+ https://bugs.webkit.org/show_bug.cgi?id=114341
+
+ Reviewed by Alexey Proskuryakov.
+
+ Make JSObjectSetPrivate use uncheckedToJS as some clients
+ clear their private data during finalization for some reason.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectSetPrivate):
+
2013-04-09 Oliver Hunt <[email protected]>
Add liveness tests to JSC API entry points
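Review bot: The added entry's "for some reason" leaves the cause unrecorded, and the entry does not say that the change deliberately bypasses the liveness tests introduced by the 2013-04-09 entry just below it. State that explicitly, name the calling pattern (clearing private data from a finalizer) as the supported case, and note whether any other API entry point reachable from a finalizer needs the same treatment. The entry also lists no test; mention one if it is added.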