[Webkit-unassigned] [Bug 75588] unshift/pop fifo may consume excessive memory

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 5 02:51:43 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=75588





--- Comment #5 from Csaba Osztrogonac <ossy at webkit.org>  2012-01-05 02:51:43 PST ---
(From update of attachment 121188)
View in context: https://bugs.webkit.org/attachment.cgi?id=121188&action=review

> Source/JavaScriptCore/runtime/JSArray.cpp:827
> -void JSArray::unshiftCount(ExecState* exec, int count)
> +void JSArray::unshiftCount(ExecState* exec, unsigned count)
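
Review bot: ASSERT(count >= 0) in the body of unshiftCount becomes tautological once count is unsigned in this signature, so it should be removed in the same patch; builds that treat warnings as errors reject the comparison. If that assert was the only guard against a bad argument, deleting it is not enough: a caller that still computes a signed value will have a negative count converted implicitly to a very large unsigned one, so consider replacing the assert with an explicit upper bound on count and checking the call sites that pass an int.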

After this change the following assert is always true:
ASSERT(count >= 0);

It caused build breakage in debug mode:
cc1plus: warnings being treated as errors
../../../../Source/JavaScriptCore/runtime/JSArray.cpp: In member function ‘void JSC::JSArray::unshiftCount(JSC::ExecState*, unsigned int)’:
../../../../Source/JavaScriptCore/runtime/JSArray.cpp:831: error: comparison of unsigned expression >= 0 is always true
../../../../Source/JavaScriptCore/runtime/JSArray.cpp:832: error: comparison of unsigned expression >= 0 is always true

> Source/JavaScriptCore/runtime/JSArray.h:261
> +        unsigned m_indexBias; // The number of JSValue sized blocks before ArrayStorage.
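
Review bot: ASSERT(m_indexBias >= 0) can no longer fail once m_indexBias is declared unsigned at JSArray.h:261, so it should be dropped or rewritten as part of this patch. If it was meant to catch the bias being reduced too far, note that an unsigned field wraps to a large value instead of going negative, so the check has to happen before any subtraction, comparing m_indexBias against the amount about to be subtracted.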

After this change the following assert is always true:
ASSERT(m_indexBias >= 0);

It caused build breakage in debug mode:
cc1plus: warnings being treated as errors
../../../../Source/JavaScriptCore/runtime/JSArray.cpp: In member function ‘void JSC::JSArray::unshiftCount(JSC::ExecState*, unsigned int)’:
../../../../Source/JavaScriptCore/runtime/JSArray.cpp:831: error: comparison of unsigned expression >= 0 is always true
../../../../Source/JavaScriptCore/runtime/JSArray.cpp:832: error: comparison of unsigned expression >= 0 is always true
