Fix alignment issue causing crash in QtScript/JavaScriptCore

When creating a substring, JSC::UStringImpl required that the
base string pointer was 8-byte aligned. However, on platforms
where FastMalloc isn't enabled (such as Symbian), it's possible
that the system malloc() returns a pointer that is only 4-byte
aligned. (On Symbian, this can happen if the argument to malloc()
itself isn't a multiple of 8.)

Cherry-picked http://trac.webkit.org/changeset/54743 from WebKit
trunk, which fixes this issue. (The commit happened shortly after
we rebased QtScript/JSC for 4.7, so it applies cleanly to our copy.)

Task-number: QTBUG-16828
Reviewed-by: Simon Hausmann

1 files changed, 25 insertions, 0 deletions

diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
index c2b1155c34..9cbf0c146c 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
@@ -358,6 +358,31 @@
 
         * wtf/AlwaysInline.h:
 
+2010-02-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=33731
+        Many false leaks in release builds due to PtrAndFlags
+
+        Remove UntypedPtrAndBitfield (similar to PtrAndFlags) in UStringImpl,
+        and steal bits from the refCount instead.
+
+        * runtime/UStringImpl.cpp:
+        (JSC::UStringImpl::baseSharedBuffer):
+        (JSC::UStringImpl::~UStringImpl):
+        * runtime/UStringImpl.h:
+        (JSC::UStringImpl::cost):
+        (JSC::UStringImpl::isIdentifier):
+        (JSC::UStringImpl::setIsIdentifier):
+        (JSC::UStringImpl::ref):
+        (JSC::UStringImpl::deref):
+        (JSC::UStringImpl::UStringImpl):
+        (JSC::UStringImpl::bufferOwnerString):
+        (JSC::UStringImpl::bufferOwnership):
+        (JSC::UStringImpl::isStatic):
+        (JSC::UStringImpl::):
+
 2010-02-12  Kwang Yul Seo  <skyul@company100.net>
 
         Reviewed by Adam Barth.