[webkit-changes] [WebKit/WebKit] 9158c5: [JSC] Make `memcpy` for butterfly safer in `Array#...
SUZUKI Sosuke
noreply at github.com
Wed Jan 1 21:46:58 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9158c52898ef7f10c47c884c12c67de5ee47d711
https://github.com/WebKit/WebKit/commit/9158c52898ef7f10c47c884c12c67de5ee47d711
Author: Sosuke Suzuki <aosukeke at gmail.com>
Date: 2025-01-01 (Wed, 01 Jan 2025)
Changed paths:
M Source/JavaScriptCore/runtime/JSArray.cpp
Log Message:
-----------
[JSC] Make `memcpy` for butterfly safer in `Array#toReversed` fast path
https://bugs.webkit.org/show_bug.cgi?id=285278
Reviewed by Yusuke Suzuki.
We should initialize all vector fields of a butterfly before creating a
new array with `createWithButterfly`. This is the same issue pointed
out in https://github.com/WebKit/WebKit/pull/38429#discussion_r1900117330
* Source/JavaScriptCore/runtime/JSArray.cpp:
(JSC::JSArray::fastToReversed):
Canonical link: https://commits.webkit.org/288359@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list