Bug 91599

Summary: DFG 32-bit PutById transition stub storage reallocation case copies the first pointer of each JSValue instead of the whole JSValue
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: barraclough, fpizlo, ggaren, mhahnenberg, oliver
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch ggaren: review+

Filip Pizlo
Reported 2012-07-18 00:43:25 PDT
Patch forthcoming.
Attachments
the patch (1.67 KB, patch)
2012-07-18 00:55 PDT, Filip Pizlo 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2012-07-18 00:55:07 PDT
Created attachment 152956 [details] the patch
Geoffrey Garen
Comment 2 2012-07-18 10:01:10 PDT
Comment on attachment 152956 [details] the patch r=me
Filip Pizlo
Comment 3 2012-07-18 15:17:56 PDT
Landed, with 4 new tests, in http://trac.webkit.org/changeset/123028
Note You need to log in before you can comment on or make changes to this bug.