Changeset 53091 in webkit for trunk/JavaScriptCore/runtime/JSArray.cpp

Timestamp:

Jan 11, 2010, 11:55:39 AM (15 years ago)

Author:

[email protected]

Message:

2010-01-11 Geoffrey Garen <​[email protected]>

Reviewed by Alexey Proskuryakov.

​https://bugs.webkit.org/show_bug.cgi?id=33481
Uninitialized data members in ArrayStorage

SunSpider reports no change.

• runtime/JSArray.cpp: (JSC::JSArray::JSArray): Initialize missing data members in the two cases where we don't use fastZeroedMalloc, so it doesn't happen automatically.

File:

• trunk/JavaScriptCore/runtime/JSArray.cpp (modified) (2 diffs)

trunk/JavaScriptCore/runtime/JSArray.cpp

@@ -153 +153 @@
     m_storage->m_sparseValueMap = 0;
     m_storage->lazyCreationData = 0;
+    m_storage->reportedMapCapacity = 0;
 
     JSValue* vector = m_storage->m_vector;
@@ -173 +174 @@
     m_storage->m_numValuesInVector = initialCapacity;
     m_storage->m_sparseValueMap = 0;
+    m_storage->lazyCreationData = 0;
+    m_storage->reportedMapCapacity = 0;
 
     size_t i = 0;