[heap] Do not touch pre-freed typed slot set memory anymore.

BUG=chromium:648568 Review-Url: https://codereview.chromium.org/2397473004 Cr-Commit-Position: refs/heads/master@{#40034}

[heap] Do not touch pre-freed typed slot set memory anymore.
BUG=chromium:648568 Review-Url: https://codereview.chromium.org/2397473004 Cr-Commit-Position: refs/heads/master@{#40034}
84b81f8c · hpayer · Commit bot · 599f8a83 · 84b81f8c
Commit 84b81f8c authored Oct 06, 2016 by hpayer Committed by Commit bot Oct 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

slot-set.h src/heap/slot-set.h +4 -3

No files found.
--- a/src/heap/slot-set.h
+++ b/src/heap/slot-set.h
@@ -401,20 +401,21 @@ class TypedSlotSet {
        }
      }

+      Chunk* next = chunk->next.Value();
      if (mode == PREFREE_EMPTY_CHUNKS && empty) {
        // We remove the chunk from the list but let it still point its next
        // chunk to allow concurrent iteration.
        if (previous) {
-          previous->next.SetValue(chunk->next.Value());
+          previous->next.SetValue(next);
        } else {
-          chunk_.SetValue(chunk->next.Value());
+          chunk_.SetValue(next);
        }
        base::LockGuard<base::Mutex> guard(&to_be_freed_chunks_mutex_);
        to_be_freed_chunks_.push(chunk);
      } else {
        previous = chunk;
      }
-      chunk = chunk->next.Value();
+      chunk = next;
    }
    return new_count;
  }