RESOLVED FIXED 226388
Fix LikelyDenseUnsignedIntegerSet::clear()
https://bugs.webkit.org/show_bug.cgi?id=226388
Summary Fix LikelyDenseUnsignedIntegerSet::clear()
Robin Morisset
Reported 2021-05-28 11:53:29 PDT
There are two problems with it:
1) It calls BitVector::clearAll(), which does not free any memory. Instead, it should call BitVector::~BitVector(), then do a placement new of a fresh BitVector (to get it back to its inline condition).
2) More problematically, it changes m_size before calling isBitVector(), which relies crucially on the value of m_size. So it is going to believe that it is in BitVector mode even when it is actually in HashSet mode.
Attachments
Patch (2.81 KB, patch)
2021-05-28 12:02 PDT, Robin Morisset
no flags
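The two points in the report, shown on a small constructed model as an added example (not WebKit's code and not the landed patch). `HybridSet`, `kBitVectorLimit` and the size-threshold mode rule are assumptions, with `std::vector<bool>` and `std::unordered_set` standing in for BitVector and HashSet.

```cpp
#include <cstddef>
#include <new>
#include <unordered_set>
#include <utility>
#include <vector>

// Constructed model, not WebKit's code: one union holds either a bit vector or a
// hash set, and the active member is derived from m_size alone (assumed rule).
class HybridSet {
    using Bits = std::vector<bool>;
    using Hash = std::unordered_set<unsigned>;
public:
    static constexpr unsigned kBitVectorLimit = 4; // assumed switch point
    HybridSet() { new (&m_bits) Bits(); }
    ~HybridSet() { destroyActive(); }

    bool isBitVector() const { return modeFor(m_size); }
    // Answer the mode test gives if m_size is zeroed before it runs (the ordering
    // the report describes): always "bit vector", whatever the union really holds.
    bool modeTestAfterSizeReset() const { return modeFor(0); }
    std::size_t bitCapacity() const { return isBitVector() ? m_bits.capacity() : 0; }

    void add(unsigned v) { // constructed inputs contain no duplicates
        if (m_size == kBitVectorLimit) { // this insert crosses the limit: migrate
            Hash h;
            for (unsigned i = 0; i < m_bits.size(); ++i)
                if (m_bits[i]) h.insert(i);
            m_bits.~Bits();
            new (&m_hash) Hash(std::move(h));
        }
        ++m_size;
        if (!isBitVector()) { m_hash.insert(v); return; }
        if (v >= m_bits.size()) m_bits.resize(v + 1);
        m_bits[v] = true;
    }

    void clear() {
        destroyActive();      // mode test runs while m_size still matches the storage
        m_size = 0;           // reset the discriminating field only afterwards
        new (&m_bits) Bits(); // fresh object rather than zeroed bits: heap buffer freed
    }

private:
    static bool modeFor(unsigned size) { return size <= kBitVectorLimit; }
    void destroyActive() { if (isBitVector()) m_bits.~Bits(); else m_hash.~Hash(); }
    union { Bits m_bits; Hash m_hash; };
    unsigned m_size = 0;
};
```

In hash-set mode `modeTestAfterSizeReset()` disagrees with `isBitVector()`, which is the mismatch that would make a clear() with the reversed ordering operate on the wrong union member.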
Robin Morisset
Comment 1 2021-05-28 11:57:18 PDT
Robin Morisset
Comment 2 2021-05-28 12:02:48 PDT
Mark Lam
Comment 3 2021-05-28 12:38:41 PDT
Comment on attachment 430037
Patch
r=me
Robin Morisset
Comment 4 2021-05-28 13:05:39 PDT
Comment on attachment 430037
Patch
Thanks for the review. Landing this as the wincairo failure is very clearly unrelated.
EWS
Comment 5 2021-05-28 13:17:50 PDT
Committed r278224 (238262@main): <https://commits.webkit.org/238262@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 430037.