Bug 110828

Summary: For JSVALUE32_64, maxOffsetRelativeToPatchedStorage() doesn't compute the maximum negative offset
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch oliver: review+

Michael Saboff
Reported 2013-02-25 17:54:55 PST
For 32 bit builds, the helper maxOffsetRelativeToPatchedStorage() in JSObject.h should only add the "tag" offset for positive offset.
Attachments
Patch (2.02 KB, patch)
2013-02-25 17:58 PST, Michael Saboff 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2013-02-25 17:58:12 PST
Created attachment 190169 [details] Patch
Michael Saboff
Comment 2 2013-02-25 18:12:04 PST
Committed r143994: <http://trac.webkit.org/changeset/143994>
Note You need to log in before you can comment on or make changes to this bug.