[Webkit-unassigned] [Bug 70691] BitVector isInline check could fail
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Dec 1 00:12:22 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=70691
Filip Pizlo <fpizlo at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |UNCONFIRMED
Resolution|FIXED |
--- Comment #8 from Filip Pizlo <fpizlo at apple.com> 2011-12-01 00:12:21 PST ---
This fix was actually wrong in two ways:
1) It adds one to the index in the bitops only in the mask part, so for example accessing bit 31 on 32-bit systems will instead access bit 0 in the first word.
2) It does not account for the "lost bit" in the out-of-line bit storage.
I think that the simpler fix is to:
1) Switch back to the way we did things before, since fixing both (1) and (2) seems like begging for off-by-one errors.
2) Fix the original bug by storing the out-of-line bits pointer right-shifted by 1, to make room for the is-inline marker in the top bit.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list