WebKit Bugzilla
Attachment 362012 Details for Bug 194441: stress/phantom-spread-forward-varargs.js.bytecode-cache failing on debug builds
bug-194441-20190214155121.patch (text/plain), 2.46 KB, created by Tadeu Zagallo on 2019-02-14 06:51:55 PST
>Subversion Revision: 241515 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 203bf8e3805624a75507bc9f50d6a1cff3f31849..ef0c04129e3d53f5e799046660c7539a6f40c10e 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,18 @@ >+2019-02-14 Tadeu Zagallo <tzagallo@apple.com> >+ >+ CachedBitVector's size must be converted from bits to bytes >+ https://bugs.webkit.org/show_bug.cgi?id=194441 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ CachedBitVector used its size in bits for memcpy. That didn't cause any >+ issues when encoding, since the size in bits was also used in the allocation, >+ but would overflow the actual BitVector buffer when decoding. >+ >+ * runtime/CachedTypes.cpp: >+ (JSC::CachedBitVector::encode): >+ (JSC::CachedBitVector::decode const): >+ > 2019-02-13 Keith Miller <keith_miller@apple.com> and Yusuke Suzuki <ysuzuki@apple.com> > > We should only make rope strings when concatenating strings long enough. >diff --git a/Source/JavaScriptCore/runtime/CachedTypes.cpp b/Source/JavaScriptCore/runtime/CachedTypes.cpp >index 7ec23d13654ad643f40099e00ce81746cd356ed8..610a83bf0499319ab66cecef81b0c6d264fcb0f3 100644 >--- a/Source/JavaScriptCore/runtime/CachedTypes.cpp >+++ b/Source/JavaScriptCore/runtime/CachedTypes.cpp 
>@@ -754,23 +754,25 @@ class CachedBitVector : public VariableLengthObject<BitVector> { > public: > void encode(Encoder& encoder, const BitVector& bitVector) > { >- m_size = bitVector.size(); >- if (!m_size) >+ m_numBits = bitVector.size(); >+ if (!m_numBits) > return; >- uint8_t* buffer = this->allocate(encoder, m_size); >- memcpy(buffer, bitVector.bits(), m_size); >+ size_t sizeInBytes = BitVector::byteCount(m_numBits); >+ uint8_t* buffer = this->allocate(encoder, sizeInBytes); >+ memcpy(buffer, bitVector.bits(), sizeInBytes); > } > > void decode(Decoder&, BitVector& bitVector) const > { >- if (!m_size) >+ if (!m_numBits) > return; >- bitVector.ensureSize(m_size); >- memcpy(bitVector.bits(), this->buffer(), m_size); >+ bitVector.ensureSize(m_numBits); >+ size_t sizeInBytes = BitVector::byteCount(m_numBits); >+ memcpy(bitVector.bits(), this->buffer(), sizeInBytes); > } > > private: >- unsigned m_size; >+ size_t m_numBits; > }; > > template<typename T, typename HashArg = typename DefaultHash<T>::Hash>
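Review bot: the ChangeLog entry's statement that the bit count "didn't cause any issues when encoding" holds only for the destination buffer. In the removed encode lines, memcpy(buffer, bitVector.bits(), m_size) read m_size bytes from bitVector.bits() with m_size taken from bitVector.size(), and the replacement copies only BitVector::byteCount(m_numBits) bytes, so the old encode read past the source's bit storage and wrote those extra bytes into the encoded buffer. Suggest rewording the entry to say that encode over-read the source and decode overflowed the destination, so the record covers both directions.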
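Review bot: the change of the private member from "unsigned m_size" to "size_t m_numBits" at the end of the CachedTypes.cpp hunk can change the width of the field that CachedBitVector stores in the cache, and nothing in the patch says how a cache written with the old layout is handled. If a cache produced before this change can be read after it, state how it is invalidated, or keep the field unsigned and only rename it. In decode, the copy length is recomputed from m_numBits after bitVector.ensureSize(m_numBits); an ASSERT before the memcpy that the BitVector's storage covers sizeInBytes would make any future mismatch fail at the copy itself on debug builds.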