Title: [258964] trunk/Source/JavaScriptCore
Revision: 258964
Author: [email protected]
Date: 2020-03-24 17:27:56 -0700 (Tue, 24 Mar 2020)

Log Message

Memory::fastMappedBytes() is wrong
https://bugs.webkit.org/show_bug.cgi?id=209488

Reviewed by Mark Lam.

* wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::fastMappedBytes):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (258963 => 258964)


--- trunk/Source/_javascript_Core/ChangeLog	2020-03-25 00:20:06 UTC (rev 258963)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-03-25 00:27:56 UTC (rev 258964)
@@ -1,3 +1,13 @@
+2020-03-24  Saam Barati  <[email protected]>
+
+        Memory::fastMappedBytes() is wrong
+        https://bugs.webkit.org/show_bug.cgi?id=209488
+
+        Reviewed by Mark Lam.
+
+        * wasm/WasmMemory.cpp:
+        (JSC::Wasm::Memory::fastMappedBytes):
+
 2020-03-24  Keith Miller  <[email protected]>
 
         Fix isEmpty AssemblyHelpers function and add isNotEmpty
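
Review bot: The new ChangeLog entry only repeats the bug title, so it never says what was wrong with fastMappedBytes() or why the new value is right. Under the (JSC::Wasm::Memory::fastMappedBytes): line, add a sentence stating that the function returned std::numeric_limits<uint32_t>::max() plus the redzone, which is 2^32 - 1 + redzone, whereas the static_assert message in that function describes 2^32 + redzone. The entry also names no test; if a regression test is not practical here, say so in the entry.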

Modified: trunk/Source/JavaScriptCore/wasm/WasmMemory.cpp (258963 => 258964)


--- trunk/Source/_javascript_Core/wasm/WasmMemory.cpp	2020-03-25 00:20:06 UTC (rev 258963)
+++ trunk/Source/_javascript_Core/wasm/WasmMemory.cpp	2020-03-25 00:27:56 UTC (rev 258964)
@@ -358,7 +358,7 @@
 size_t Memory::fastMappedBytes()
 {
     static_assert(sizeof(uint64_t) == sizeof(size_t), "We rely on allowing the maximum size of Memory we map to be 2^32 + redzone which is larger than fits in a 32-bit integer that we'd pass to mprotect if this didn't hold.");
-    return static_cast<size_t>(std::numeric_limits<uint32_t>::max()) + fastMappedRedzoneBytes();
+    return (static_cast<size_t>(1) << 32) + fastMappedRedzoneBytes();
 }
 
 bool Memory::addressIsInActiveFastMemory(void* address)
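
Review bot: On the changed return line, the bare (static_cast<size_t>(1) << 32) carries no explanation of why the mapped size is 2^32 bytes rather than the uint32_t maximum. A short comment or a named constant would help, for example noting that 2^32 is the number of bytes addressable by a 32-bit value and that the removed expression was one byte short of the "2^32 + redzone" stated in the static_assert message. Keep the static_assert directly above this line, since the shift by 32 is only valid while size_t is 64 bits wide. No test accompanies the change in the visible diff; an assertion that fastMappedBytes() minus fastMappedRedzoneBytes() equals 2^32 would pin the value down.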