[webkit-reviews] review granted: [Bug 86733] Setting array index -1 and looping over array causes bad behavior : [Attachment 142602] the patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 17 18:28:46 PDT 2012
Oliver Hunt <oliver at apple.com> has granted Filip Pizlo <fpizlo at apple.com>'s
request for review:
Bug 86733: Setting array index -1 and looping over array causes bad behavior
https://bugs.webkit.org/show_bug.cgi?id=86733
Attachment 142602: the patch
https://bugs.webkit.org/attachment.cgi?id=142602&action=review
------- Additional Comments from Oliver Hunt <oliver at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=142602&action=review
r=me, but switch to Identifier::from() rather than using toString()
> Source/JavaScriptCore/dfg/DFGOperations.cpp:465
> + Identifier property(exec, jsNumber(index).toString(exec)->value(exec));
> + PutPropertySlot slot(true);
Use Identifier::from(exec, index)
> Source/JavaScriptCore/dfg/DFGOperations.cpp:482
> + Identifier property(exec, jsNumber(index).toString(exec)->value(exec));
ditto
More information about the webkit-reviews
mailing list