[webkit-changes] [WebKit/WebKit] eba5b3: Check that objects have inline storage before tryi...
Commit Queue
noreply at github.com
Thu May 2 11:09:02 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: eba5b36f9461c779e6e3648ba809e2c02436f492
https://github.com/WebKit/WebKit/commit/eba5b36f9461c779e6e3648ba809e2c02436f492
Author: Marcus Plutowski <marcus_plutowski at apple.com>
Date: 2024-05-02 (Thu, 02 May 2024)
Changed paths:
M Source/JavaScriptCore/runtime/ObjectConstructorInlines.h
Log Message:
-----------
Check that objects have inline storage before trying to copy it
https://bugs.webkit.org/show_bug.cgi?id=273590
rdar://127227132
Reviewed by Yusuke Suzuki.
When copying objects via this code path, we copy over the inlineStorage
unconditionally. This is fine in release mode since when the
inlineStorage isn't present the backing memcpy is 0-width and therefore
does not affect memory, but in debug mode we hit an assert when trying
to get the value for source->inlineStorage.
* Source/JavaScriptCore/runtime/ObjectConstructorInlines.h:
(JSC::tryCreateObjectViaCloning):
Canonical link: https://commits.webkit.org/278270@main
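
The debug/release divergence the log message describes, as a toy C++ model added here (not WebKit's code and not the patch itself). `ToyObject`, its fixed slot array, the function names and the counter standing in for a debug-build ASSERT are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Toy model only: ToyObject, kMaxInline and the function names are
// hypothetical and do not reproduce JavaScriptCore's object layout.
constexpr std::size_t kMaxInline = 4;

static int g_debugAssertHits = 0; // stands in for a debug-build ASSERT firing

struct ToyObject {
    std::size_t inlineCapacity = 0;       // 0 means "no inline storage"
    std::uint64_t slots[kMaxInline] = {};

    bool hasInlineStorage() const { return inlineCapacity != 0; }

    // Accessor with a precondition: a debug build objects when it is
    // called on an object that has no inline storage.
    std::uint64_t* inlineStorage() {
        if (!hasInlineStorage())
            ++g_debugAssertHits;
        return slots;
    }
};

// "Before" shape: always fetches the source pointer. With capacity 0 the
// memcpy is zero-width, so memory is untouched, but the accessor's
// precondition has already been violated.
void cloneUnconditional(ToyObject& dst, ToyObject& src) {
    dst.inlineCapacity = src.inlineCapacity;
    std::memcpy(dst.slots, src.inlineStorage(),
                src.inlineCapacity * sizeof(std::uint64_t));
}

// "After" shape: check first, so the accessor is reached only when its
// precondition holds.
void cloneGuarded(ToyObject& dst, ToyObject& src) {
    dst.inlineCapacity = src.inlineCapacity;
    if (!src.hasInlineStorage())
        return;
    std::memcpy(dst.slots, src.inlineStorage(),
                src.inlineCapacity * sizeof(std::uint64_t));
}

// Returns how many precondition violations cloning `src` triggers.
int violationsFor(void (*clone)(ToyObject&, ToyObject&), ToyObject src) {
    ToyObject dst;
    g_debugAssertHits = 0;
    clone(dst, src);
    return g_debugAssertHits;
}
```
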