[arch-commits] Commit in libwebkit/gnome-unstable (PKGBUILD bug29599.patch)

Jan de Groot jgc at archlinux.org
Mon Sep 21 19:54:44 UTC 2009


    Date: Monday, September 21, 2009 @ 15:54:44
  Author: jgc
Revision: 52590

Update to 1.1.15, apply crash fix

Added:
  libwebkit/gnome-unstable/bug29599.patch
Modified:
  libwebkit/gnome-unstable/PKGBUILD

----------------+
 PKGBUILD       |   11 ++++--
 bug29599.patch |   89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 96 insertions(+), 4 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-09-21 19:35:37 UTC (rev 52589)
+++ PKGBUILD	2009-09-21 19:54:44 UTC (rev 52590)
@@ -2,23 +2,26 @@
 # Maintainer: Andreas Radke <andyrtr at archlinux.org>
 
 pkgname=libwebkit
-pkgver=1.1.14
+pkgver=1.1.15
 pkgrel=1
 pkgdesc="an opensource web content engine, derived from KHTML and KJS from KDE"
 arch=('i686' 'x86_64')
 url="http://webkitgtk.org/"
 license=('custom')
-depends=('libxt' 'libxslt' 'sqlite3' 'gtk2>=2.17.11' 'icu>=4.2' 'gstreamer0.10-base>=0.10.24' 'libsoup>=2.27.92' 'enchant>=1.4.2')
+depends=('libxt' 'libxslt' 'sqlite3' 'gtk2>=2.17.11' 'icu>=4.2' 'gstreamer0.10-base>=0.10.24' 'libsoup>=2.28.0' 'enchant>=1.4.2')
 makedepends=('gperf' 'gtk-doc>=1.11')
 provides=('webkitgtk-svn')
 conflicts=('webkitgtk-svn')
 replaces=('webkitgtk-svn')
-source=(http://webkitgtk.org/webkit-${pkgver}.tar.gz)
 options=('!libtool')
-md5sums=('bff87d1ddc562223cb99201950d7e138')
+source=(http://webkitgtk.org/webkit-${pkgver}.tar.gz
+        bug29599.patch)
+md5sums=('5478d48e6b134b3e09a3d9b17f3907e8'
+         'fdab6578224f1848f7579b0c4068a9e3')
 
 build() {
   cd "${srcdir}/webkit-${pkgver}"
+  patch -Np1 -i "${srcdir}/bug29599.patch" || return 1
   ./configure --prefix=/usr \
       --enable-video \
       --with-font-backend=freetype --enable-gtk-doc \

Added: bug29599.patch
===================================================================
--- bug29599.patch	                        (rev 0)
+++ bug29599.patch	2009-09-21 19:54:44 UTC (rev 52590)
@@ -0,0 +1,89 @@
+diff --git a/JavaScriptCore/interpreter/Interpreter.cpp b/JavaScriptCore/interpreter/Interpreter.cpp
+index 624832c..8a8fb3c 100644
+--- a/JavaScriptCore/interpreter/Interpreter.cpp
++++ b/JavaScriptCore/interpreter/Interpreter.cpp
+@@ -988,6 +988,10 @@ NEVER_INLINE void Interpreter::tryCachePutByID(CallFrame* callFrame, CodeBlock*
+ 
+     // Structure transition, cache transition info
+     if (slot.type() == PutPropertySlot::NewProperty) {
++        if (structure->isDictionary()) {
++            vPC[0] = getOpcode(op_put_by_id_generic);
++            return;
++        }
+         vPC[0] = getOpcode(op_put_by_id_transition);
+         vPC[4] = structure->previousID();
+         vPC[5] = structure;
+diff --git a/JavaScriptCore/jit/JITStubs.cpp b/JavaScriptCore/jit/JITStubs.cpp
+index f197526..055a536 100644
+--- a/JavaScriptCore/jit/JITStubs.cpp
++++ b/JavaScriptCore/jit/JITStubs.cpp
+@@ -695,7 +695,7 @@ NEVER_INLINE void JITThunks::tryCachePutByID(CallFrame* callFrame, CodeBlock* co
+     // Structure transition, cache transition info
+     if (slot.type() == PutPropertySlot::NewProperty) {
+         StructureChain* prototypeChain = structure->prototypeChain(callFrame);
+-        if (!prototypeChain->isCacheable()) {
++        if (!prototypeChain->isCacheable() || structure->isDictionary()) {
+             ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+             return;
+         }
+diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
+index 107f00b..0f7b50a 100644
+diff --git a/LayoutTests/fast/js/resources/transition-cache-dictionary-crash.js b/LayoutTests/fast/js/resources/transition-cache-dictionary-crash.js
+new file mode 100644
+index 0000000..e83bce8
+--- /dev/null
++++ b/LayoutTests/fast/js/resources/transition-cache-dictionary-crash.js
+@@ -0,0 +1,19 @@
++description("Test to ensure we don't attempt to cache new property transitions on dictionary.  Passes if you don't crash.");
++
++var cacheableDictionary = {};
++for (var i = 0; i < 500; i++)
++    cacheableDictionary["a" + i] = i;
++
++function f(o) {
++    o.crash = "doom!";
++}
++f({});
++f(cacheableDictionary);
++f(cacheableDictionary);
++f(cacheableDictionary);
++f(cacheableDictionary);
++f(cacheableDictionary);
++f(cacheableDictionary);
++f(cacheableDictionary);
++f(cacheableDictionary);
++successfullyParsed = true;
+diff --git a/LayoutTests/fast/js/transition-cache-dictionary-crash-expected.txt b/LayoutTests/fast/js/transition-cache-dictionary-crash-expected.txt
+new file mode 100644
+index 0000000..3f65917
+--- /dev/null
++++ b/LayoutTests/fast/js/transition-cache-dictionary-crash-expected.txt
+@@ -0,0 +1,9 @@
++Test to ensure we don't attempt to cache new property transitions on dictionary. Passes if you don't crash.
++
++On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
++
++
++PASS successfullyParsed is true
++
++TEST COMPLETE
++
+diff --git a/LayoutTests/fast/js/transition-cache-dictionary-crash.html b/LayoutTests/fast/js/transition-cache-dictionary-crash.html
+new file mode 100644
+index 0000000..d2293fa
+--- /dev/null
++++ b/LayoutTests/fast/js/transition-cache-dictionary-crash.html
+@@ -0,0 +1,13 @@
++<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
++<html>
++<head>
++<link rel="stylesheet" href="resources/js-test-style.css">
++<script src="resources/js-test-pre.js"></script>
++</head>
++<body>
++<p id="description"></p>
++<div id="console"></div>
++<script src="resources/transition-cache-dictionary-crash.js"></script>
++<script src="resources/js-test-post.js"></script>
++</body>
++</html>




More information about the arch-commits mailing list