[webkit-reviews] review granted: [Bug 198271] JITOperations putByVal should mark negative array indices as out-of-bounds : [Attachment 370689] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon May 27 11:22:19 PDT 2019
Saam Barati <sbarati at apple.com> has granted Tadeu Zagallo
<tzagallo at apple.com>'s request for review:
Bug 198271: JITOperations putByVal should mark negative array indices as
out-of-bounds
https://bugs.webkit.org/show_bug.cgi?id=198271
Attachment 370689: Patch
https://bugs.webkit.org/attachment.cgi?id=370689&action=review
--- Comment #2 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 370689
--> https://bugs.webkit.org/attachment.cgi?id=370689
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=370689&action=review
> Source/JavaScriptCore/jit/JITOperations.cpp:665
> +putProperty:
Alternatively, you could have an “else if (subscript.isInt32() &&
baseValue.isObject()))” then mark as out of bounds
More information about the webkit-reviews
mailing list