Changeset 166217 in webkit for trunk/Source/JavaScriptCore/ChangeLog
- Timestamp:
- Mar 24, 2014, 8:27:46 PM (11 years ago)
- File:
-
- 1 edited
-
trunk/Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r166216 r166217 1 2014-03-24 Geoffrey Garen <[email protected]> 2 3 Safari crashes in JavaScriptCore: JSC::JSObject::growOutOfLineStorage 4 when WebKit is compiled with fcatch-undefined-behavior 5 https://bugs.webkit.org/show_bug.cgi?id=130652 6 7 Reviewed by Mark Hahnenberg. 8 9 Use a static member function because the butterfly we pass in might be 10 NULL, and passing NULL to a member function is undefined behavior. 11 12 Stylistically, I think this new way reads a little more clearly, since it 13 matches createOrGrowArrayRight, and it helps to convey that m_butterfly 14 might not exist yet. 15 16 * runtime/Butterfly.h: 17 * runtime/ButterflyInlines.h: 18 (JSC::Butterfly::createOrGrowPropertyStorage): Renamed from growPropertyStorage 19 because we might create. Split out the create path to avoid using NULL 20 in a member function expression. 21 22 Removed some unused versions of this function. 23 24 * runtime/JSObject.cpp: 25 (JSC::JSObject::growOutOfLineStorage): Updated for interface change. 26 1 27 2014-03-24 Oliver Hunt <[email protected]> 2 28
Note:
See TracChangeset
for help on using the changeset viewer.
