Revision: 3941
Author: [email protected]
Date: Wed Feb 24 11:14:21 2010
Log: Fix uninitialized memory read in CallOptimization.
BUG=http://crbug.com/36602
Review URL: http://codereview.chromium.org/657081
http://code.google.com/p/v8/source/detail?r=3941
Modified:
/branches/bleeding_edge/src/ia32/stub-cache-ia32.cc
=======================================
--- /branches/bleeding_edge/src/ia32/stub-cache-ia32.cc Wed Feb 24 00:33:51
2010
+++ /branches/bleeding_edge/src/ia32/stub-cache-ia32.cc Wed Feb 24 11:14:21
2010
@@ -479,17 +479,14 @@
// Holds information about possible function call optimizations.
class CallOptimization BASE_EMBEDDED {
public:
- explicit CallOptimization(LookupResult* lookup)
- : constant_function_(NULL),
- is_simple_api_call_(false),
- expected_receiver_type_(NULL),
- api_call_info_(NULL) {
- if (!lookup->IsProperty() || !lookup->IsCacheable()) return;
-
- // We only optimize constant function calls.
- if (lookup->type() != CONSTANT_FUNCTION) return;
-
- Initialize(lookup->GetConstantFunction());
+ explicit CallOptimization(LookupResult* lookup) {
+ if (!lookup->IsProperty() || !lookup->IsCacheable() ||
+ lookup->type() != CONSTANT_FUNCTION) {
+ Initialize(NULL);
+ } else {
+ // We only optimize constant function calls.
+ Initialize(lookup->GetConstantFunction());
+ }
}
explicit CallOptimization(JSFunction* function) {
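Review bot: With the member-initializer list gone from the LookupResult constructor, correct initialization of all four members now depends entirely on every constructor calling Initialize() unconditionally, and the body of the `CallOptimization(JSFunction*)` constructor on the last line of this hunk is outside the hunk, so that contract is not visible here. I would state it on the class so a future constructor cannot reintroduce the read: above the constructors, `// Every constructor must call Initialize(); it is the only place that sets the members.`. The if/else is otherwise fine: both paths reach Initialize(), and the NULL path is handled there rather than by an early return that skips field setup.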
@@ -537,11 +534,14 @@
private:
void Initialize(JSFunction* function) {
- if (!function->is_compiled()) return;
-
- constant_function_ = function;
+ constant_function_ = NULL;
is_simple_api_call_ = false;
-
+ expected_receiver_type_ = NULL;
+ api_call_info_ = NULL;
+
+ if (function == NULL || !function->is_compiled()) return;
+
+ constant_function_ = function;
AnalyzePossibleApiFunction(function);
}
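Review bot: The early return on the `function == NULL || !function->is_compiled()` line is exactly the path that previously left `constant_function_`, `expected_receiver_type_` and `api_call_info_` unset, and the new code fixes it by assigning all four members before that return; the ordering is load-bearing and deserves a comment so it is not "tidied" later. I would add above the first assignment: `// Reset every member before the early return below so a NULL or uncompiled function still leaves the object fully defined.`. Since the class is presumably BASE_EMBEDDED on the stack and the members are later read when generating stubs (not visible in this hunk), a stale pointer here would be consumed by code generation, which is why the reset-before-return shape matters more than usual; AnalyzePossibleApiFunction's body is outside the hunk, so I cannot confirm it sets the remaining fields on every path.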