102573 2012-11-16 17:26:46 -0800 JSObject::copyButterfly doesn't handle undecided indexing types correctly 2012-11-26 13:00:59 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mhahnenberg mhahnenberg webkit.review.bot oldest_to_newest 769796 0 mhahnenberg 2012-11-16 17:26:46 -0800 We don't do any copying into the newly allocated vector and we don't zero-initialize CopiedBlocks during the copying phase, so we end up with uninitialized memory in arrays which have undecided indexing types. We should just do the actual memcpy from the old block to the new one. We should also assert that all of the elements are empty in vectors with undecided indexing type. 769811 1 174790 mhahnenberg 2012-11-16 17:56:48 -0800 Created attachment 174790 Patch 775801 2 174790 webkit.review.bot 2012-11-26 13:00:55 -0800 Comment on attachment 174790 Patch Clearing flags on attachment: 174790 Committed r135756: <http://trac.webkit.org/changeset/135756> 775802 3 webkit.review.bot 2012-11-26 13:00:59 -0800 All reviewed patches have been landed. Closing bug. 174790 2012-11-16 17:56:48 -0800 2012-11-26 13:00:55 -0800 Patch bug-102573-20121116175443.patch text/plain 1832 mhahnenberg SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTM1MDIyKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBA CisyMDEyLTExLTE2ICBNYXJrIEhhaG5lbmJlcmcgIDxtaGFobmVuYmVyZ0BhcHBsZS5jb20+CisK KyAgICAgICAgSlNPYmplY3Q6OmNvcHlCdXR0ZXJmbHkgZG9lc24ndCBoYW5kbGUgdW5kZWNpZGVk IGluZGV4aW5nIHR5cGVzIGNvcnJlY3RseQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9MTAyNTczCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChP T1BTISkuCisKKyAgICAgICAgV2UgZG9uJ3QgZG8gYW55IGNvcHlpbmcgaW50byB0aGUgbmV3bHkg YWxsb2NhdGVkIHZlY3RvciBhbmQgd2UgZG9uJ3QgemVyby1pbml0aWFsaXplIENvcGllZEJsb2Nr cyAKKyAgICAgICAgZHVyaW5nIHRoZSBjb3B5aW5nIHBoYXNlLCBzbyB3ZSBlbmQgdXAgd2l0aCB1 bmluaXRpYWxpemVkIG1lbW9yeSBpbiBhcnJheXMgd2hpY2ggaGF2ZSB1bmRlY2lkZWQgaW5kZXhp bmcgCisgICAgICAgIHR5cGVzLiBXZSBzaG91bGQganVzdCBkbyB0aGUgYWN0dWFsIG1lbWNweSBm cm9tIHRoZSBvbGQgYmxvY2sgdG8gdGhlIG5ldyBvbmUuIAorCisgICAgICAgICogcnVudGltZS9K U09iamVjdC5jcHA6CisgICAgICAgIChKU0M6OkpTT2JqZWN0Ojpjb3B5QnV0dGVyZmx5KTogSnVz dCBkbyB0aGUgc2FtZSB0aGluZyB0aGF0IHdlIGRvIGZvciBvdGhlciBjb250aWd1b3VzIGluZGV4 aW5nIHR5cGVzLgorCiAyMDEyLTExLTE2ICBUb255IENoYW5nICA8dG9ueUBjaHJvbWl1bS5vcmc+ CiAKICAgICAgICAgUmVtb3ZlIEVOQUJMRV9DU1NfSElFUkFSQ0hJRVMgc2luY2UgaXQncyBubyBs b25nZXIgaW4gdXNlCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU09iamVj dC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNPYmpl Y3QuY3BwCShyZXZpc2lvbiAxMzUwMTkpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGlt ZS9KU09iamVjdC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTEyOSwxMyArMTI5LDcgQEAgQUxXQVlT X0lOTElORSB2b2lkIEpTT2JqZWN0Ojpjb3B5QnV0dGVyZgogICAgICAgICAgICAgc2l6ZV90IGNv dW50OwogICAgICAgICAgICAgCiAgICAgICAgICAgICBzd2l0Y2ggKHN0cnVjdHVyZS0+aW5kZXhp bmdUeXBlKCkpIHsKLSAgICAgICAgICAgIGNhc2UgQUxMX1VOREVDSURFRF9JTkRFWElOR19UWVBF UzogewotICAgICAgICAgICAgICAgIGN1cnJlbnRUYXJnZXQgPSAwOwotICAgICAgICAgICAgICAg IGN1cnJlbnRTb3VyY2UgPSAwOwotICAgICAgICAgICAgICAgIGNvdW50ID0gMDsKLSAgICAgICAg ICAgICAgICBicmVhazsKLSAgICAgICAgICAgIH0KLSAgICAgICAgICAgICAgICAKKyAgICAgICAg ICAgIGNhc2UgQUxMX1VOREVDSURFRF9JTkRFWElOR19UWVBFUzoKICAgICAgICAgICAgIGNhc2Ug QUxMX0NPTlRJR1VPVVNfSU5ERVhJTkdfVFlQRVM6CiAgICAgICAgICAgICBjYXNlIEFMTF9JTlQz Ml9JTkRFWElOR19UWVBFUzoKICAgICAgICAgICAgIGNhc2UgQUxMX0RPVUJMRV9JTkRFWElOR19U WVBFUzogewo=