186864 – JSImmutableButterfly should zero its data in create

RESOLVED WONTFIX186864

JSImmutableButterfly should zero its data in create

https://bugs.webkit.org/show_bug.cgi?id=186864

Summary JSImmutableButterfly should zero its data in create

Saam Barati

Reported 2018-06-20 15:01:41 PDT

We currently allocate inside the bytecode generator as we fill in slots. If we don't zero, the GC may see garbage data in the immutable butterfly

Attachments
Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2018-06-25 17:50:35 PDT

(In reply to Saam Barati from comment #0) > We currently allocate inside the bytecode generator as we fill in slots. If > we don't zero, the GC may see garbage data in the immutable butterfly This happens under a deferGC, so it's not a bug. I also recently added an assert to verify the heap is deferred.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Saam Barati

Reported

2018-06-20 15:01 PDT

Modified

2018-06-25 17:50 PDT History

CC List

11 users Show

URL

Keywords

Depends on

Blocks