[webkit-reviews] review granted: [Bug 180274] Having a bad time needs to handle ArrayClass indexing type as well : [Attachment 328147] patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 1 13:40:12 PST 2017
Mark Lam <mark.lam at apple.com> has granted Mark Lam <mark.lam at apple.com>'s
request for review:
Bug 180274: Having a bad time needs to handle ArrayClass indexing type as well
https://bugs.webkit.org/show_bug.cgi?id=180274
Attachment 328147: patch
https://bugs.webkit.org/attachment.cgi?id=328147&action=review
--- Comment #6 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 328147
--> https://bugs.webkit.org/attachment.cgi?id=328147
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=328147&action=review
r=me too.
>> Source/JavaScriptCore/runtime/JSObject.cpp:1611
>> + switchToSlowPutArrayStorage(vm);
>
> Isn't this infinitely recursing?
OK, I see what's happening. The ensureArrayStorage() ensures that the
indexingType is no longer ArrayClass before recursing. Nothing to see here.
Moving along.
More information about the webkit-reviews
mailing list