Context Navigation

Changeset 45693 in webkit for trunk/JavaScriptCore

Timestamp:

Jul 9, 2009, 7:44:34 PM (16 years ago)

Author:

Message:

Reviewed by Darin Adler.

Unsigned vs signed conversions results in incorrect behaviour in
64bit interpreter builds.

Location:

trunk/JavaScriptCore

Files:

-              r45683
+              r45693
+-07-09  Oliver Hunt  <[email protected]>
+        Reviewed by Darin Adler.
+        Bug 27016 - Interpreter crashes due to invalid array indexes
+        <https://bugs.webkit.org/show_bug.cgi?id=27016>
+        Unsigned vs signed conversions results in incorrect behaviour in
+bit interpreter builds.
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
 -07-09  Dimitri Glazkov  <[email protected]>

r45609	r45693
3151	3151	}
3152	3152	Register* argsBuffer = callFrame->registers() + argsOffset;
3153		for (~~unsigned~~ i = 0; i < argCount; ++i) {
	3153	for (int32_t i = 0; i < argCount; ++i) {
3154	3154	argsBuffer[i] = asObject(arguments)->get(callFrame, i);
3155	3155	CHECK_FOR_EXCEPTION();

Note: See TracChangeset for help on using the changeset viewer.