diff options
Diffstat (limited to 'Source/JavaScriptCore/runtime/JSArray.h')
| -rw-r--r-- | Source/JavaScriptCore/runtime/JSArray.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Source/JavaScriptCore/runtime/JSArray.h b/Source/JavaScriptCore/runtime/JSArray.h index ea1ed9047..cef3b53ad 100644 --- a/Source/JavaScriptCore/runtime/JSArray.h +++ b/Source/JavaScriptCore/runtime/JSArray.h @@ -245,6 +245,10 @@ inline JSArray* JSArray::tryCreateUninitialized(JSGlobalData& globalData, Struct butterfly = Butterfly::fromBase(temp, 0, 0); butterfly->setVectorLength(vectorLength); butterfly->setPublicLength(initialLength); + if (hasDouble(structure->indexingType())) { + for (unsigned i = initialLength; i < vectorLength; ++i) + butterfly->contiguousDouble()[i] = QNaN; + } } else { void* temp; if (!globalData.heap.tryAllocateStorage(Butterfly::totalSize(0, 0, true, ArrayStorage::sizeFor(vectorLength)), &temp)) |