[webkit-reviews] review granted: [Bug 123746] JSArrayBufferViews of length 0 allocate 0 CopiedSpace bytes, which is invalid : [Attachment 215936] Patch

bugzilla-daemon at webkit.org
Mon Nov 4 11:40:45 PST 2013


Geoffrey Garen <ggaren at apple.com> has granted Mark Hahnenberg
<mhahnenberg at apple.com>'s request for review:
Bug 123746: JSArrayBufferViews of length 0 allocate 0 CopiedSpace bytes, which is invalid
https://bugs.webkit.org/show_bug.cgi?id=123746

Attachment 215936: Patch
https://bugs.webkit.org/attachment.cgi?id=215936&action=review

------- Additional Comments from Geoffrey Garen <ggaren at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=215936&action=review


r=me

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:4712
> +    slowCases.append(m_jit.branchTest32(MacroAssembler::Zero, sizeGPR));
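Review bot: the zero-size check at DFGSpeculativeJIT.cpp:4712 carries no comment saying why a zero `sizeGPR` has to leave the fast path; a reader of the JIT code is left with only the bug title to learn that a 0-byte CopiedSpace allocation is invalid. Suggest a one-line comment above it, e.g. `// CopiedSpace cannot allocate 0 bytes; a zero-length view takes the slow path.`, so the invariant survives if this branch is later restructured.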

I think it's probably reasonably common to make a typed array and then append
to it. Instead of a slow case, I think this should ultimately be a branch
around the allocation code, followed by a store of 0 to
JSArrayBufferView::offsetOfVector(). Can you file a follow-up bug?

