WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
107081
DFG 32_64 backend doesn't check for hasArrayStorage() in NewArrayWithSize
https://bugs.webkit.org/show_bug.cgi?id=107081
Summary
DFG 32_64 backend doesn't check for hasArrayStorage() in NewArrayWithSize
Filip Pizlo
Reported
2013-01-16 18:31:03 PST
<
rdar://problem/12966526
>
Attachments
Add attachment
proposed patch, testcase, etc.
Filip Pizlo
Comment 1
2013-01-16 18:31:26 PST
Already reviewed by Michael Saboff in person.
Filip Pizlo
Comment 2
2013-01-16 18:34:34 PST
I couldn't easily come up with a good test case - this flaw would lead to code "just working" in a surprising number of cases.
Filip Pizlo
Comment 3
2013-01-16 18:34:44 PST
Landed in
http://trac.webkit.org/changeset/139949
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug