Context Navigation

← Previous Change
Next Change →

JSArray.cpp

Timestamp:

Aug 3, 2010, 8:05:59 PM (15 years ago)

Author:

Message:

Fix for https://bugs.webkit.org/show_bug.cgi?id=43314. The prior code
was using the wrong "length" value to move array contents when adding
space to the beginning of an array for an unshift() or similar
operation. Instead of using m_vectorLength, the length of the
allocated JSValue array, the code was using m_length, the declared
length of the array. These two values do not need to match.

Patch by Michael Saboff <[email protected]> on 2010-08-03
Reviewed by Gavin Barraclough.

JavaScriptCore.xcodeproj/project.pbxproj:
runtime/JSArray.cpp:

(JSC::JSArray::increaseVectorPrefixLength):

File:

: 1 edited

trunk/JavaScriptCore/runtime/JSArray.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/runtime/JSArray.cpp

r64602	r64620
632	632
633	633	memcpy(newStorage, storage, storageSize(0));
634		memcpy(&newStorage->m_vector[newLength - m_vectorLength], &storage->m_vector[0], ~~storage->m_l~~ength * sizeof(JSValue));
	634	memcpy(&newStorage->m_vector[newLength - m_vectorLength], &storage->m_vector[0], vectorLength * sizeof(JSValue));
635	635
636	636	newStorage->m_allocBase = newBaseStorage;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 64620 in webkit for trunk/JavaScriptCore/runtime/JSArray.cpp

Legend:

trunk/JavaScriptCore/runtime/JSArray.cpp

Download in other formats: