[Webkit-unassigned] [Bug 69102] Structure transitions involving many (> 64) properties sometimes cause structure corruption
bugzilla-daemon at webkit.org
Thu Sep 29 13:41:32 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=69102
--- Comment #5 from Filip Pizlo <fpizlo at apple.com> 2011-09-29 13:41:32 PST ---
(In reply to comment #3)
> If you really want to support an arbitrary size, shouldn't m_offset be size_t?
I could imagine code that wants > 2^15 properties. I've seen Java code out there that pushes right up to that limit. (Java has a 2^16 hard limit on fields, and I've seen code generators that push that limit by splitting the code into multiple classes.) If someone wanted to set >2^31 fields, then we'd probably fall over and die for other reasons.
I didn't want to use an unsigned type because that would require making this a bigger change. We use -1 as a marker. And anyway, the difference between dying at 2^31 and 2^32 is not so great.