2008-05-23 Anders Carlsson <andersca@apple.com>
author andersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 May 2008 23:44:40 +0000 (23:44 +0000)
committer andersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 May 2008 23:44:40 +0000 (23:44 +0000)
commit bebdfa716b9074518d84682452d1ee87bd166dd4
tree 370d945be52e993d7f16f5721abadff37521deb3
parent 54f311b66e7027ef1dfd35a7e73cd36577816cb2
2008-05-23  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5959886> REGRESSION: Assertion failure in JSImmediate::toString when loading GMail (19217)

        Change List to store a JSValue*** pointer + an offset instead of a JSValue** pointer to protect against the case where
        a register file changes while a list object points to its buffer.

        * VM/Machine.cpp:
        (KJS::Machine::privateExecute):
        * kjs/JSActivation.cpp:
        (KJS::JSActivation::createArgumentsObject):
        * kjs/list.cpp:
        (KJS::List::getSlice):
        * kjs/list.h:
        (KJS::List::List):
        (KJS::List::at):
        (KJS::List::append):
        (KJS::List::begin):
        (KJS::List::end):
        (KJS::List::buffer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@34095 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JavaScriptCore/ChangeLog
JavaScriptCore/VM/Machine.cpp
JavaScriptCore/kjs/JSActivation.cpp
JavaScriptCore/kjs/list.cpp
JavaScriptCore/kjs/list.h
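
The pointer-plus-offset idea in the commit message, shown as an added example; this is not code from the WebKit tree. Value, RegisterFile, RawView, IndirectView and demo are hypothetical stand-ins, and the buffer is assumed to move whenever it grows.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

struct Value { int payload; };  // hypothetical stand-in for JSValue

// Hypothetical stand-in for the register file: a slot buffer that can move.
struct RegisterFile {
    Value** base = nullptr;
    std::size_t capacity = 0;
    explicit RegisterFile(std::size_t n) { grow(n); }
    ~RegisterFile() { std::free(base); }
    RegisterFile(const RegisterFile&) = delete;
    // Allocates the new buffer before freeing the old one, so the address always changes.
    void grow(std::size_t n) {
        Value** fresh = static_cast<Value**>(std::calloc(n, sizeof(Value*)));
        if (!fresh) std::abort();
        if (base) std::memcpy(fresh, base, capacity * sizeof(Value*));
        std::free(base);
        base = fresh; capacity = n;
    }
};

// Fragile shape: caches the slot address itself, which dangles after grow().
struct RawView { Value** slots; std::size_t size; };

// Shape the commit message describes: the address of the owner's base pointer
// plus an offset, resolved again on every access, with a bounds check.
struct IndirectView {
    Value*** basePtr; std::size_t offset; std::size_t size;
    Value** buffer() const { return *basePtr + offset; }
    Value* at(std::size_t i) const { return i < size ? buffer()[i] : nullptr; }
};

// True when the cached raw address is stale after growth while the
// indirect view still returns the original values.
bool demo() {
    static Value a{1}, b{2};
    RegisterFile rf(4);
    rf.base[2] = &a; rf.base[3] = &b;
    RawView raw{rf.base + 2, 2};
    IndirectView ind{&rf.base, 2, 2};
    // Record the cached address as an integer; it is never dereferenced after grow().
    std::uintptr_t cached = reinterpret_cast<std::uintptr_t>(raw.slots);
    rf.grow(64);
    bool rawIsStale = cached != reinterpret_cast<std::uintptr_t>(rf.base + 2);
    return rawIsStale && ind.at(0) == &a && ind.at(1) == &b && ind.at(2) == nullptr;
}

int main() { return demo() ? 0 : 1; }
```

The indirect view is only as long-lived as the object that owns the base pointer; it guards against the buffer moving, not against the owner being destroyed.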