Changeset 80006 in webkit
- Timestamp: Mar 1, 2011 9:41:12 AM (13 years ago)
- Location: trunk/Source/JavaScriptCore
- Files: 3 edited
trunk/Source/JavaScriptCore/ChangeLog
r79999 r80006 1 2011-02-28 Geoffrey Garen <ggaren@apple.com> 2 3 Reviewed by Gavin Barraclough. 4 5 Past-the-end writes in VM exceptions (caused crashes in r79627) 6 https://bugs.webkit.org/show_bug.cgi?id=55448 7 8 Some exceptions had the wrong structures, so they misoverestimated their 9 inline storage sizes. 10 11 * runtime/JSGlobalData.cpp: 12 (JSC::JSGlobalData::JSGlobalData): Use the right structure. 13 14 * runtime/JSObject.h: 15 (JSC::JSNonFinalObject::JSNonFinalObject): 16 (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity 17 is correct to verify this doesn't happen again. 18 1 19 2011-03-01 Andras Becsi <abecsi@webkit.org> 2 20 -
trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp
r79904 r80006 124 124 , stringTable(fastNew<HashTable>(JSC::stringTable)) 125 125 , activationStructure(JSActivation::createStructure(jsNull())) 126 , interruptedExecutionErrorStructure( createEmptyObjectStructure(jsNull()))127 , terminatedExecutionErrorStructure( createEmptyObjectStructure(jsNull()))126 , interruptedExecutionErrorStructure(JSNonFinalObject::createStructure(jsNull())) 127 , terminatedExecutionErrorStructure(JSNonFinalObject::createStructure(jsNull())) 128 128 , staticScopeStructure(JSStaticScopeObject::createStructure(jsNull())) 129 129 , strictEvalActivationStructure(StrictEvalActivation::createStructure(jsNull())) -
trunk/Source/JavaScriptCore/runtime/JSObject.h
r79355 r80006 324 324 { 325 325 ASSERT(!(OBJECT_OFFSETOF(JSNonFinalObject, m_inlineStorage) % sizeof(double))); 326 ASSERT(this->structure()->propertyStorageCapacity() == JSNonFinalObject_inlineStorageCapacity); 326 327 } 327 328 … … 351 352 { 352 353 ASSERT(OBJECT_OFFSETOF(JSFinalObject, m_inlineStorage) % sizeof(double) == 0); 354 ASSERT(this->structure()->propertyStorageCapacity() == JSFinalObject_inlineStorageCapacity); 353 355 } 354 356
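Review bot: In the ChangeLog hunk, "misoverestimated" should read "overestimated", and the entry would be clearer if it named which object classes consume interruptedExecutionErrorStructure and terminatedExecutionErrorStructure, since the correctness of the fix depends on those objects actually being JSNonFinalObject instances whose inline storage matches the structure's propertyStorageCapacity().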
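Review bot: In the JSGlobalData.cpp hunk, switching the two error structures from createEmptyObjectStructure(jsNull()) to JSNonFinalObject::createStructure(jsNull()) fixes the capacity mismatch that caused the past-the-end writes, but the hunk does not show whether any other structure in this constructor is still created with createEmptyObjectStructure for an object type that is not a JSFinalObject. Worth auditing the remaining initializers once rather than relying on the new debug-only ASSERTs to surface the next mismatch, given that the failure mode is an out-of-bounds write into inline storage rather than a clean crash.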
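Review bot: In the JSObject.h hunk, both new checks are ASSERTs, so a recurrence of the structure mismatch is caught only in debug builds; in release builds the constructor still proceeds and any later property write past the inline storage goes undetected. Consider whether a check that survives release builds is justified here, since the consequence is memory corruption. Minor style point: the adjacent pre-existing alignment asserts use two spellings for the same condition, `!(OBJECT_OFFSETOF(JSNonFinalObject, m_inlineStorage) % sizeof(double))` versus `OBJECT_OFFSETOF(JSFinalObject, m_inlineStorage) % sizeof(double) == 0`; since this patch touches both constructors it is a cheap opportunity to make them consistent.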