Butterfly::growArrayRight shouldn't be called on null Butterfly objects

https://bugs.webkit.org/show_bug.cgi?id=105221 Reviewed by Filip Pizlo. Currently we depend upon the fact that Butterfly::growArrayRight works with null Butterfly objects purely by coincidence. We should add a new static function that null checks the old Butterfly object and creates a new one if it's null, or calls growArrayRight if it isn't for use in the couple of places in JSObject that expect such behavior to work. * runtime/Butterfly.h: (Butterfly): * runtime/ButterflyInlines.h: (JSC::Butterfly::createOrGrowArrayRight): (JSC): * runtime/JSObject.cpp: (JSC::JSObject::createInitialIndexedStorage): (JSC::JSObject::createArrayStorage): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137961 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: I643bc988f3e25b6f05be4e99f19fd2dc609152e4 Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
author: Mark Hahnenberg <mhahnenberg@apple.com> 2013-02-04 14:16:39 +0100
committer: The Qt Project <gerrit-noreply@qt-project.org> 2013-02-06 14:45:44 +0100
commit: ddfc231cac5d5307df76332cb532224651ae4966 (patch)
tree: b13294cb425b90ad76d868db9acd1f16ff0f0369 /Source/JavaScriptCore/runtime/JSObject.cpp
parent: c27b9870614d273b2f369bb920a328e371b58756 (diff)
download: qtwebkit-ddfc231cac5d5307df76332cb532224651ae4966.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp
index dc73e04b0..1b3d71cfd 100644
--- a/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSObject.cpp
@@ -610,7 +610,7 @@ Butterfly* JSObject::createInitialIndexedStorage(JSGlobalData& globalData, unsig
     ASSERT(!structure()->needsSlowPutIndexing());
     ASSERT(!indexingShouldBeSparse());
     unsigned vectorLength = std::max(length, BASE_VECTOR_LEN);
-    Butterfly* newButterfly = m_butterfly->growArrayRight(
+    Butterfly* newButterfly = Butterfly::createOrGrowArrayRight(m_butterfly, 
         globalData, structure(), structure()->outOfLineCapacity(), false, 0,
         elementSize * vectorLength);
     newButterfly->setPublicLength(length);
@@ -656,7 +656,7 @@ ArrayStorage* JSObject::createArrayStorage(JSGlobalData& globalData, unsigned le
 {
     IndexingType oldType = structure()->indexingType();
     ASSERT_UNUSED(oldType, !hasIndexedProperties(oldType));
-    Butterfly* newButterfly = m_butterfly->growArrayRight(
+    Butterfly* newButterfly = Butterfly::createOrGrowArrayRight(m_butterfly, 
         globalData, structure(), structure()->outOfLineCapacity(), false, 0,
         ArrayStorage::sizeFor(vectorLength));
     if (!newButterfly)
author	Mark Hahnenberg <mhahnenberg@apple.com>	2013-02-04 14:16:39 +0100
committer	The Qt Project <gerrit-noreply@qt-project.org>	2013-02-06 14:45:44 +0100
commit	ddfc231cac5d5307df76332cb532224651ae4966 (patch)
tree	b13294cb425b90ad76d868db9acd1f16ff0f0369 /Source/JavaScriptCore/runtime/JSObject.cpp
parent	c27b9870614d273b2f369bb920a328e371b58756 (diff)
download	qtwebkit-ddfc231cac5d5307df76332cb532224651ae4966.tar.gz