Ignore:
Timestamp:
Jan 21, 2009, 7:35:42 PM (16 years ago)
Author:
[email protected]
Message:

2009-01-21 Gavin Barraclough <[email protected]>

Reviewed by Geoff Garen.

Fix for https://bugs.webkit.org/show_bug.cgi?id=23468.

  • interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute):
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/interpreter/Interpreter.cpp

    r40046 r40108  
    25522552                RefPtr<Structure>* end = it + count;
    25532553
    2554                 JSObject* baseObject = asObject(baseCell);
    2555                 while (1) {
    2556                     baseObject = asObject(baseObject->structure()->prototypeForLookup(callFrame));
     2554                while (true) {
     2555                    JSObject* baseObject = asObject(baseCell->structure()->prototypeForLookup(callFrame));
     2556
    25572557                    if (UNLIKELY(baseObject->structure() != (*it).get()))
    25582558                        break;
     
    25682568                        NEXT_INSTRUCTION();
    25692569                    }
     2570
     2571                    // Update baseCell, so that next time around the loop we'll pick up the prototype's prototype.
     2572                    baseCell = baseObject;
    25702573                }
    25712574            }
Note: See TracChangeset for help on using the changeset viewer.