[webkit-changes] [WebKit/WebKit] 8b034b: jsc_fuzz: ASSERTION FAILED: !is8Bit() || isEmpty()...
Commit Queue
noreply at github.com
Mon Jul 31 11:46:10 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8b034b74da84999cc6b0367194a106bfaa4a9fdf
https://github.com/WebKit/WebKit/commit/8b034b74da84999cc6b0367194a106bfaa4a9fdf
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-07-31 (Mon, 31 Jul 2023)
Changed paths:
A JSTests/stress/regress-255806.js
M Source/JavaScriptCore/runtime/StringPrototype.cpp
Log Message:
-----------
jsc_fuzz: ASSERTION FAILED: !is8Bit() || isEmpty() in stringProtoFuncToWellFormed()
https://bugs.webkit.org/show_bug.cgi?id=255806
<rdar://108256807>
Reviewed by Yusuke Suzuki.
It's necessary to resolve a rope to determine if a string is 8-bit: JSRopeString's is8BitInPointer merely
implies it can be represented as 8-bit, but after the rope is resolved, it can become a 16-bit string.
* JSTests/stress/regress-255806.js: Added.
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
Originally-landed-as: 259548.689 at safari-7615-branch (a75d564e8c5f). rdar://108256807
Canonical link: https://commits.webkit.org/266450@main