Bug 57986

Summary: Stop JSObject::isUsingInlineStorage() from using the structure
Product: WebKit
Reporter: Oliver Hunt <oliver>
Component: New Bugs
Assignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Other
OS: OS X 10.5
Attachments:
  Patch (flags: barraclough: review+)

Description Oliver Hunt 2011-04-06 15:02:14 PDT
Stop JSObject::isUsingInlineStorage() from using the structure
Comment 1 Oliver Hunt 2011-04-06 15:03:54 PDT
Created attachment 88521 [details]
Patch
Comment 2 Oliver Hunt 2011-04-06 15:15:57 PDT
Committed r83107: <http://trac.webkit.org/changeset/83107>
Comment 3 Darin Adler 2011-06-30 16:40:58 PDT
Comment on attachment 88521 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=88521&action=review

> Source/JavaScriptCore/runtime/JSObject.h:223
> +        bool isUsingInlineStorage() const { return static_cast<const void*>(m_propertyStorage) == static_cast<const void*>(this + 1); }
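Review bot: the comparison depends on a layout invariant that is not stated at this point: inline property storage must be placed immediately after the JSObject in memory, which is the only reason `this + 1` is the right address to compare `m_propertyStorage` against. The ASSERT in the JSObject.h:404 hunk checks exactly that where inlineStorage is set up, but isUsingInlineStorage() carries no comment explaining why `this + 1` is the expected value. A one-line comment on this member naming the invariant (and pointing at the ASSERT) would keep the two in sync if the object layout ever changes.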

You should only have to cast one of these two to const void*.

> Source/JavaScriptCore/runtime/JSObject.h:404
> +    ASSERT(static_cast<void*>(inlineStorage) == static_cast<void*>(this + 1));

You should only have to cast one of these two to void*.