Context Navigation

← Previous Change
Next Change →

runtime

Timestamp:

Mar 8, 2009, 3:47:01 AM (16 years ago)

Author:

Message:

Bug 24268: RuntimeArray is not a fully implemented JSArray
<https://bugs.webkit.org/show_bug.cgi?id=24268>

Reviewed by Cameron Zwarich.

Don't cast a type to JSArray, just because it reportsArray as a supertype
in the JS type system. Doesn't appear feasible to create a testcase
unfortunately as setting up the failure conditions requires internal access
to JSC not present in DRT.

File:

: 1 edited

trunk/JavaScriptCore/runtime/ArrayPrototype.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/runtime/ArrayPrototype.cpp

-              r41243
+              r41518
     while (1) {
         if (curArg.isObject(&JSArray::info)) {
+            JSArray* curArray = asArray(curArg);
+            unsigned length = curArray->length();
+            unsigned length = curArg->get(exec, exec->propertyNames().length).toUInt32(exec);
             for (unsigned k = 0; k < length; ++k) {
                 if (JSValuePtr v = getProperty(exec, curArray, k))
+                if (JSValuePtr v = getProperty(exec, curArg, k))
                     arr->put(exec, n, v);
                 n++;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 41518 in webkit for trunk/JavaScriptCore/runtime

Legend:

trunk/JavaScriptCore/runtime/ArrayPrototype.cpp

Download in other formats: