Changeset 214374 in webkit


Ignore:
Timestamp:
Mar 24, 2017 1:56:45 PM (7 years ago)
Author:
mark.lam@apple.com
Message:

Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
https://bugs.webkit.org/show_bug.cgi?id=170064
<rdar://problem/31246098>

Reviewed by Geoffrey Garen.

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoPrivateFuncConcatMemcpy):

  • runtime/JSArray.cpp:

(JSC::JSArray::fastSlice):

Location:
trunk/Source/JavaScriptCore
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r214345 r214374  
     12017-03-24  Mark Lam  <mark.lam@apple.com>
     2
     3        Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
     4        https://bugs.webkit.org/show_bug.cgi?id=170064
     5        <rdar://problem/31246098>
     6
     7        Reviewed by Geoffrey Garen.
     8
     9        * runtime/ArrayPrototype.cpp:
     10        (JSC::arrayProtoPrivateFuncConcatMemcpy):
     11        * runtime/JSArray.cpp:
     12        (JSC::JSArray::fastSlice):
     13
    1142017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
    215

  • trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp

    r214334 r214374  
    13281328    }
    13291329
    1330     Structure* resultStructure = exec->lexicalGlobalObject()->arrayStructureForIndexingTypeDuringAllocation(type);
     1330    JSGlobalObject* lexicalGlobalObject = exec->lexicalGlobalObject();
     1331    Structure* resultStructure = lexicalGlobalObject->arrayStructureForIndexingTypeDuringAllocation(type);
     1332    if (UNLIKELY(hasAnyArrayStorage(resultStructure->indexingType())))
     1333        return JSValue::encode(jsNull());
     1334
     1335    ASSERT(!lexicalGlobalObject->isHavingABadTime());
    13311336    JSArray* result = JSArray::tryCreateForInitializationPrivate(vm, resultStructure, resultSize);
    13321337    if (UNLIKELY(!result)) {

  • trunk/Source/JavaScriptCore/runtime/JSArray.cpp

    r214313 r214374  
    856856            return nullptr;
    857857
    858         Structure* resultStructure = exec.lexicalGlobalObject()->arrayStructureForIndexingTypeDuringAllocation(arrayType);
     858        JSGlobalObject* lexicalGlobalObject = exec.lexicalGlobalObject();
     859        Structure* resultStructure = lexicalGlobalObject->arrayStructureForIndexingTypeDuringAllocation(arrayType);
     860        if (UNLIKELY(hasAnyArrayStorage(resultStructure->indexingType())))
     861            return nullptr;
     862
     863        ASSERT(!lexicalGlobalObject->isHavingABadTime());
    859864        JSArray* resultArray = JSArray::tryCreateForInitializationPrivate(vm, resultStructure, count);
    860865        if (UNLIKELY(!resultArray))
Note: See TracChangeset for help on using the changeset viewer.