[webkit-reviews] review granted: [Bug 196850] [JSC] op_has_indexed_property should not assume subscript part is Uint32 : [Attachment 367286] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 11 22:30:25 PDT 2019
Saam Barati <sbarati at apple.com> has granted Yusuke Suzuki <ysuzuki at apple.com>'s
request for review:
Bug 196850: [JSC] op_has_indexed_property should not assume subscript part is
Uint32
https://bugs.webkit.org/show_bug.cgi?id=196850
Attachment 367286: Patch
https://bugs.webkit.org/attachment.cgi?id=367286&action=review
--- Comment #4 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 367286
--> https://bugs.webkit.org/attachment.cgi?id=367286
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=367286&action=review
> Source/JavaScriptCore/jit/JITOperations.cpp:2070
> + ASSERT(subscript.asAnyInt() <= UINT32_MAX);
Maybe it’s worth a helper function since this is the second time you’re adding
this code
> Source/JavaScriptCore/jit/JITOperations.cpp:2074
> + uint32_t index = static_cast<uint32_t>(subscript.asAnyInt());
Ditto
More information about the webkit-reviews
mailing list