RESOLVED FIXED 110155
Structure::flattenDictionaryStructure should compute max offset in a manner that soundly handles the case where the property list becomes empty 
https://bugs.webkit.org/show_bug.cgi?id=110155
Summary Structure::flattenDictionaryStructure should compute max offset in a manner t...
Filip Pizlo
Reported 2013-02-18 14:48:21 PST
This was a rookie mistake. It was doing: for (blah) { m_offset = foo // foo's monotonically increase in the loop } as a way of computing max offset for all of the properties. Except what if the loop doesn't execute because there are no properties? Well, then, you're going to have a bogus m_offset. The solution is to initialize m_offset at the top of the loop.
Attachments
the patch (7.79 KB, patch)
2013-02-18 14:51 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (7.23 KB, patch)
2013-02-18 14:53 PST, Filip Pizlo 		mrowe: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2013-02-18 14:48:43 PST
<rdar://problem/13233773>
Filip Pizlo
Comment 2 2013-02-18 14:51:46 PST
Created attachment 188945 [details] the patch
Filip Pizlo
Comment 3 2013-02-18 14:52:38 PST
Comment on attachment 188945 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=188945&action=review > Source/WTF/wtf/DataLog.cpp:80 > - if (!file) > + if (!file) { > fprintf(stderr, "Warning: Could not open log file %s for writing.\n", actualFilename); > + CRASH(); > + } Oops, I will back this out.
Filip Pizlo
Comment 4 2013-02-18 14:53:00 PST
Created attachment 188946 [details] the patch
Filip Pizlo
Comment 5 2013-02-18 15:23:05 PST
Landed in http://trac.webkit.org/changeset/143269
Filip Pizlo
Comment 6 2013-02-18 16:29:35 PST
*** Bug 110154 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.