[Webkit-unassigned] [Bug 96893] 32-bit LLInt get_by_val does vector length checks incorrectly

Mon Sep 17 16:31:49 PDT 2012

https://bugs.webkit.org/show_bug.cgi?id=96893

Filip Pizlo <fpizlo at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|JSC: butterflies causes a   |32-bit LLInt get_by_val
                   |crash in 32-bit llint       |does vector length checks
                   |                            |incorrectly

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.