110828 – For JSVALUE32_64, maxOffsetRelativeToPatchedStorage() doesn't compute the maximum negative offset

RESOLVED FIXED 110828

For JSVALUE32_64, maxOffsetRelativeToPatchedStorage() doesn't compute the maximum negative offset

https://bugs.webkit.org/show_bug.cgi?id=110828

Summary For JSVALUE32_64, maxOffsetRelativeToPatchedStorage() doesn't compute the max...

Michael Saboff

Reported 2013-02-25 17:54:55 PST

For 32 bit builds, the helper maxOffsetRelativeToPatchedStorage() in JSObject.h should only add the "tag" offset for positive offset.

Attachments
Patch (2.02 KB, patch) 2013-02-25 17:58 PST, Michael Saboff	oliver: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2013-02-25 17:58:12 PST

Michael Saboff

Comment 2 2013-02-25 18:12:04 PST

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Michael Saboff

Reported

2013-02-25 17:54 PST

Modified

2013-02-25 18:12 PST History

CC List

0 users

URL

Keywords

Depends on

Blocks