[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

ggaren at apple.com ggaren at apple.com
Thu Apr 8 01:00:21 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit e852a0c49f4dc19470e9a0af80bf8bcd489cfe4c
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Jan 11 19:55:39 2010 +0000

    2010-01-11  Geoffrey Garen  <ggaren at apple.com>
    
            Reviewed by Alexey Proskuryakov.
    
            https://bugs.webkit.org/show_bug.cgi?id=33481
            Uninitialized data members in ArrayStorage
    
            SunSpider reports no change.
    
            * runtime/JSArray.cpp:
            (JSC::JSArray::JSArray): Initialize missing data members in the two cases
            where we don't use fastZeroedMalloc, so it doesn't happen automatically.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53091 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index bb746ff..96a5bef 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-01-11  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=33481
+        Uninitialized data members in ArrayStorage
+        
+        SunSpider reports no change.
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray): Initialize missing data members in the two cases
+        where we don't use fastZeroedMalloc, so it doesn't happen automatically.
+
 2010-01-11  Steve Falkenburg  <sfalken at apple.com>
 
         Reviewed by Sam Weinig.
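
Review bot: The new ChangeLog entry says "Initialize missing data members" under (JSC::JSArray::JSArray) without naming them or saying which constructor was missing which. Naming lazyCreationData and reportedMapCapacity in the entry would make the log searchable for these fields. The entry also cites only SunSpider; a line on how the uninitialized members were found, or a regression test, would help reviewers confirm the fix. The blank "+" line after "Uninitialized data members in ArrayStorage" carries trailing whitespace.
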
diff --git a/JavaScriptCore/runtime/JSArray.cpp b/JavaScriptCore/runtime/JSArray.cpp
index 2f1141d..7221f87 100644
--- a/JavaScriptCore/runtime/JSArray.cpp
+++ b/JavaScriptCore/runtime/JSArray.cpp
@@ -152,6 +152,7 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength)
     m_storage->m_numValuesInVector = 0;
     m_storage->m_sparseValueMap = 0;
     m_storage->lazyCreationData = 0;
+    m_storage->reportedMapCapacity = 0;
 
     JSValue* vector = m_storage->m_vector;
     for (size_t i = 0; i < initialCapacity; ++i)
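
Review bot: In JSArray(NonNullPassRefPtr<Structure>, unsigned), the added reportedMapCapacity assignment extends a hand-maintained list of per-field zeroing, and nothing at this site tells a future editor that the storage is not zeroed on this path. A short comment above the m_storage-> assignments stating that this allocation does not go through fastZeroedMalloc, so every ArrayStorage member must be set explicitly, would keep the next added member from being missed the same way.
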
@@ -172,6 +173,8 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, const ArgList& list)
     m_vectorLength = initialCapacity;
     m_storage->m_numValuesInVector = initialCapacity;
     m_storage->m_sparseValueMap = 0;
+    m_storage->lazyCreationData = 0;
+    m_storage->reportedMapCapacity = 0;
 
     size_t i = 0;
     ArgList::const_iterator end = list.end();
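
Review bot: In JSArray(NonNullPassRefPtr<Structure>, const ArgList&), both lazyCreationData and reportedMapCapacity were missing, while the other constructor already set lazyCreationData. The two constructors' initialization lists had drifted apart. Consider moving the common ArrayStorage header setup (m_sparseValueMap, lazyCreationData, reportedMapCapacity) into one shared helper called from both constructors, so the two non-zeroed paths cannot diverge again.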

-- 
WebKit Debian packaging


