[webkit-changes] [104992] branches/safari-534.54-branch/Source/JavaScriptCore

[lforschler]

Title: [104992] branches/safari-534.54-branch/Source/_javascript_Core

Revision

104992

Author

lforsch...@apple.com

Date

2012-01-13 14:42:33 -0800 (Fri, 13 Jan 2012)

Log Message

Merged r104119.

Modified Paths

branches/safari-534.54-branch/Source/_javascript_Core/ChangeLog
branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.cpp
branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.h

Diff

Modified: branches/safari-534.54-branch/Source/_javascript_Core/ChangeLog (104991 => 104992)

--- branches/safari-534.54-branch/Source/_javascript_Core/ChangeLog	2012-01-13 22:38:19 UTC (rev 104991)
+++ branches/safari-534.54-branch/Source/_javascript_Core/ChangeLog	2012-01-13 22:42:33 UTC (rev 104992)
@@ -1,5 +1,23 @@
 2011-1-13  Lucas Forschler  <lforsch...@apple.com>
 
+    Merge 104119
+
+    2012-01-04  Mark Rowe  <mr...@apple.com>
+
+            <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
+
+            Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
+            to ensure that the correct destructor is invoked. This is necessary because
+            JSCell subclasses all intentionally have non-virtual destructors.
+
+            Reviewed by Filip Pizlo.
+
+            * runtime/Arguments.cpp:
+            (JSC::Arguments::destroy):
+            * runtime/Arguments.h:
+
+2011-1-13  Lucas Forschler  <lforsch...@apple.com>
+
     Merge 104094
 
     2012-01-04  Michael Saboff  <msab...@apple.com>

Modified: branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.cpp (104991 => 104992)

--- branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.cpp	2012-01-13 22:38:19 UTC (rev 104991)
+++ branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.cpp	2012-01-13 22:42:33 UTC (rev 104992)
@@ -52,6 +52,11 @@
         visitor.append(&thisObject->d->activation);
 }
 
+void Arguments::destroy(JSCell* cell)
+{
+    jsCast<Arguments*>(cell)->Arguments::~Arguments();
+}
+
 void Arguments::copyToArguments(ExecState* exec, CallFrame* callFrame, uint32_t length)
 {
     if (UNLIKELY(d->overrodeLength)) {

Modified: branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.h (104991 => 104992)

--- branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.h	2012-01-13 22:38:19 UTC (rev 104991)
+++ branches/safari-534.54-branch/Source/_javascript_Core/runtime/Arguments.h	2012-01-13 22:42:33 UTC (rev 104992)
@@ -108,6 +108,7 @@
         void finishCreation(CallFrame*);
 
     private:
+        static void destroy(JSCell*);
         static bool getOwnPropertySlot(JSCell*, ExecState*, const Identifier& propertyName, PropertySlot&);
         static bool getOwnPropertySlotByIndex(JSCell*, ExecState*, unsigned propertyName, PropertySlot&);
         static bool getOwnPropertyDescriptor(JSObject*, ExecState*, const Identifier&, PropertyDescriptor&);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes