2011-02-03 Geoffrey Garen <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Not all blocks are freed when the heap is freed (counting is hard!)
        https://bugs.webkit.org/show_bug.cgi?id=53732

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::destroy): Freeing a block compacts the list, so just
        keep freeing block 0 until there are no blocks left.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index e354bf061da99c59b781fc7b25f6da66689532ad..bd139bb22d4f7ec46f0d5c3d4085f06dac993bc4 100644 (file)
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,14 @@
+2011-02-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Not all blocks are freed when the heap is freed (counting is hard!)
+        https://bugs.webkit.org/show_bug.cgi?id=53732
+
+        * runtime/MarkedSpace.cpp:
+        (JSC::MarkedSpace::destroy): Freeing a block compacts the list, so just
+        keep freeing block 0 until there are no blocks left.
+
 2011-02-03  Geoffrey Garen  <ggaren@apple.com>
 
         Try to fix the Mac build.

diff --git a/Source/JavaScriptCore/runtime/MarkedSpace.cpp b/Source/JavaScriptCore/runtime/MarkedSpace.cpp
index 5dd93641c1eff3c11fd79c46fb95fa12c3c21d31..027a9731a9885d8f4da271230d869c3486668226 100644 (file)
--- a/Source/JavaScriptCore/runtime/MarkedSpace.cpp
+++ b/Source/JavaScriptCore/runtime/MarkedSpace.cpp
@@ -52,8 +52,8 @@ void MarkedSpace::destroy()
 {
     clearMarkBits(); // Make sure weak pointers appear dead during destruction.
 
-    for (size_t block = 0; block < m_heap.usedBlocks; ++block)
-        freeBlock(block);
+    while (m_heap.usedBlocks)
+        freeBlock(0);
     fastFree(m_heap.blocks);
 
     memset(&m_heap, 0, sizeof(CollectorHeap));