Bug 57986

Summary:

Stop JSObject::isUsingInlineStorage() from using the structure

Product:

WebKit

Reporter:

Oliver Hunt <oliver>

Component:

New Bugs

Assignee:

Oliver Hunt <oliver>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

Other

OS:

OS X 10.5

Attachments:

Description	Flags
Patch	barraclough: review+

Oliver Hunt

Reported 2011-04-06 15:02:14 PDT

Stop JSObject::isUsingInlineStorage() from using the structure

Attachments
Patch (1.99 KB, patch) 2011-04-06 15:03 PDT, Oliver Hunt	barraclough: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Oliver Hunt

Comment 1 2011-04-06 15:03:54 PDT

Created attachment 88521 [details] Patch

Oliver Hunt

Comment 2 2011-04-06 15:15:57 PDT

Committed r83107: <http://trac.webkit.org/changeset/83107>

Darin Adler

Comment 3 2011-06-30 16:40:58 PDT

Comment on attachment 88521 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=88521&action=review > Source/JavaScriptCore/runtime/JSObject.h:223 > + bool isUsingInlineStorage() const { return static_cast<const void*>(m_propertyStorage) == static_cast<const void*>(this + 1); } You should only have to cast one of these two to const void*. > Source/JavaScriptCore/runtime/JSObject.h:404 > + ASSERT(static_cast<void*>(inlineStorage) == static_cast<void*>(this + 1)); You should only have to cast one of these two to void*.

Note You need to log in before you can comment on or make changes to this bug.