JavaScriptCore:
author mjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 16 Jan 2008 23:16:53 +0000 (23:16 +0000)
committer mjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 16 Jan 2008 23:16:53 +0000 (23:16 +0000)
commit 0ec334920c9a9f2871da0a3a73c301b06f198f45
tree 25ac61cd4a210c831ed9e6024f540bb4dbe800fe
parent 75f61322091ce0af5508cc720885131c69091910
JavaScriptCore:

        Reviewed by Maciej & Darin.

        Fixes Bug 16868: Gmail crash
          and Bug 16871: Crash when loading apple.com/startpage

        <http://bugs.webkit.org/show_bug.cgi?id=16868>
        <rdar://problem/5686108>

        <http://bugs.webkit.org/show_bug.cgi?id=16871>
        <rdar://problem/5686670>

        Adds ActivationImp tear-off for cross-window eval() and fixes an
        existing garbage collection issue exposed by the ActivationImp tear-off
        patch (r29425) that can occur when an ExecState's m_callingExec is
        different than its m_savedExec.

        * kjs/ExecState.cpp:
        (KJS::ExecState::mark):
        * kjs/function.cpp:
        (KJS::GlobalFuncImp::callAsFunction):

LayoutTests:

        Reviewed by Maciej.

        Added a test that checks whether ActivationImp tear-off occurs before
        a cross-window eval(). Relevant to

        Bug 16868: Gmail crash

        <http://bugs.webkit.org/show_bug.cgi?id=16868>
        <rdar://problem/5686108>

        * fast/js/window-eval-tearoff-expected.txt: Added.
        * fast/js/window-eval-tearoff.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@29542 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JavaScriptCore/ChangeLog
JavaScriptCore/kjs/ExecState.cpp
JavaScriptCore/kjs/function.cpp
LayoutTests/ChangeLog
LayoutTests/fast/js/window-eval-tearoff-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/window-eval-tearoff.html [new file with mode: 0644]