[webkit-reviews] review granted: [Bug 182652] Lock down JSFunction : [Attachment 333632] the patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 12 15:09:49 PST 2018


Saam Barati <sbarati at apple.com> has granted Filip Pizlo <fpizlo at apple.com>'s
request for review:
Bug 182652: Lock down JSFunction
https://bugs.webkit.org/show_bug.cgi?id=182652

Attachment 333632: the patch

https://bugs.webkit.org/attachment.cgi?id=333632&action=review




--- Comment #11 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 333632
  --> https://bugs.webkit.org/attachment.cgi?id=333632
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333632&action=review

r=me

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:164
> +	       return TrustedImmPtr(bitwise_cast<size_t>(cell) ^ Key::key());
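
Review bot: on the `return TrustedImmPtr(...)` line, the value produced by XORing the cell's bits with `Key::key()` is a poisoned bit pattern rather than a dereferenceable cell address, yet it is returned under the same `TrustedImmPtr` type used for raw pointers. A short comment at this return saying that the consumer has to XOR with the same `Key::key()` before using the value as a pointer would keep poisoned and unpoisoned immediates from being confused at call sites.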

Style: uintptr_t instead of size_t?

> Source/JavaScriptCore/runtime/JSBoundFunction.h:44
> +    template<typename CellType>

Should we also poison JSBoundFunction's other fields? Or perhaps open a bug for
that work?

