Fix an assertion beneath SerializedScriptValue::deserialize on 32-bit builds (e.g., on Windows)

Passing a JSValue to toRef on 32-bit builds can perform an allocation, so we need to make sure we hold a JSLock when that occurs. Reviewed by Oliver Hunt. * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValueData::serialize): (WebCore::SerializedScriptValueData::deserialize): Moved JSLocks from here... (WebCore::SerializedScriptValue::create): (WebCore::SerializedScriptValue::deserialize): ...to this higher level, from which toRef can be called. git-svn-id: svn://svn.chromium.org/blink/trunk@54023 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Fix an assertion beneath SerializedScriptValue::deserialize on 32-bit builds (e.g., on Windows)
Passing a JSValue to toRef on 32-bit builds can perform an allocation, so we need to make sure we hold a JSLock when that occurs. Reviewed by Oliver Hunt. * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValueData::serialize): (WebCore::SerializedScriptValueData::deserialize): Moved JSLocks from here... (WebCore::SerializedScriptValue::create): (WebCore::SerializedScriptValue::deserialize): ...to this higher level, from which toRef can be called. git-svn-id: svn://svn.chromium.org/blink/trunk@54023 bbb929c8-8fbe-4397-9dbb-9b2b20218538
d67124e7 · aroben@apple.com · b262e82c · d67124e7 · d67124e7
Commit d67124e7 authored Jan 28, 2010 by aroben@apple.com
Showing with 21 additions and 2 deletions

third_party/WebKit/WebCore/ChangeLog third_party/WebKit/WebCore/ChangeLog +19 -0

third_party/WebKit/WebCore/bindings/js/SerializedScriptValue.cpp ...arty/WebKit/WebCore/bindings/js/SerializedScriptValue.cpp +2 -2

No files found.
--- a/third_party/WebKit/WebCore/ChangeLog
+++ b/third_party/WebKit/WebCore/ChangeLog
+2010-01-28  Adam Roben  <aroben@apple.com>
+        Fix an assertion beneath SerializedScriptValue::deserialize on 32-bit
+        builds (e.g., on Windows)
+        Passing a JSValue to toRef on 32-bit builds can perform an allocation,
+        so we need to make sure we hold a JSLock when that occurs.
+        Reviewed by Oliver Hunt.
+        * bindings/js/SerializedScriptValue.cpp:
+        (WebCore::SerializedScriptValueData::serialize):
+        (WebCore::SerializedScriptValueData::deserialize):
+        Moved JSLocks from here...
+        (WebCore::SerializedScriptValue::create):
+        (WebCore::SerializedScriptValue::deserialize):
+        ...to this higher level, from which toRef can be called.
 2010-01-28  Oliver Hunt  <oliver@apple.com>
        Reviewed by Gavin Barraclough.
--- a/third_party/WebKit/WebCore/bindings/js/SerializedScriptValue.cpp
+++ b/third_party/WebKit/WebCore/bindings/js/SerializedScriptValue.cpp
@@ -598,7 +598,6 @@ private:
 SerializedScriptValueData SerializedScriptValueData::serialize(ExecState* exec, JSValue inValue)
 {
-    JSLock lock(SilenceAssertionsOnly);
    SerializingTreeWalker context(exec);
    return walk<SerializingTreeWalker>(context, inValue);
 }
@@ -761,7 +760,6 @@ private:
 JSValue SerializedScriptValueData::deserialize(ExecState* exec, JSGlobalObject* global, bool mustCopy) const
 {
-    JSLock lock(SilenceAssertionsOnly);
    DeserializingTreeWalker context(exec, global, mustCopy);
    return walk<DeserializingTreeWalker>(context, *this);
 }
@@ -921,6 +919,7 @@ SerializedScriptValue::~SerializedScriptValue()
 PassRefPtr<SerializedScriptValue> SerializedScriptValue::create(JSContextRef originContext, JSValueRef apiValue, JSValueRef* exception)
 {
+    JSLock lock(SilenceAssertionsOnly);
    ExecState* exec = toJS(originContext);
    JSValue value = toJS(exec, apiValue);
    PassRefPtr<SerializedScriptValue> serializedValue = SerializedScriptValue::create(exec, value);
@@ -936,6 +935,7 @@ PassRefPtr<SerializedScriptValue> SerializedScriptValue::create(JSContextRef ori
 JSValueRef SerializedScriptValue::deserialize(JSContextRef destinationContext, JSValueRef* exception)
 {
+    JSLock lock(SilenceAssertionsOnly);
    ExecState* exec = toJS(destinationContext);
    JSValue value = deserialize(exec, exec->lexicalGlobalObject());
    if (exec->hadException()) {