diff options
| author | Mark Hahnenberg <mhahnenberg@apple.com> | 2013-02-04 14:16:39 +0100 |
|---|---|---|
| committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-02-06 14:45:44 +0100 |
| commit | ddfc231cac5d5307df76332cb532224651ae4966 (patch) | |
| tree | b13294cb425b90ad76d868db9acd1f16ff0f0369 /Source/JavaScriptCore/assembler/ARMAssembler.cpp | |
| parent | c27b9870614d273b2f369bb920a328e371b58756 (diff) | |
| download | qtwebkit-ddfc231cac5d5307df76332cb532224651ae4966.tar.gz | |
Butterfly::growArrayRight shouldn't be called on null Butterfly objects
https://bugs.webkit.org/show_bug.cgi?id=105221
Reviewed by Filip Pizlo.
Currently we depend upon the fact that Butterfly::growArrayRight works with null Butterfly
objects purely by coincidence. We should add a new static function that null checks the old
Butterfly object and creates a new one if it's null, or calls growArrayRight if it isn't for
use in the couple of places in JSObject that expect such behavior to work.
* runtime/Butterfly.h:
(Butterfly):
* runtime/ButterflyInlines.h:
(JSC::Butterfly::createOrGrowArrayRight):
(JSC):
* runtime/JSObject.cpp:
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createArrayStorage):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137961 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Change-Id: I643bc988f3e25b6f05be4e99f19fd2dc609152e4
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Diffstat (limited to 'Source/JavaScriptCore/assembler/ARMAssembler.cpp')
0 files changed, 0 insertions, 0 deletions