Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7bac523bd87dc3ce0c63e66ce5b279ec91e7b9dc
https://github.com/WebKit/WebKit/commit/7bac523bd87dc3ce0c63e66ce5b279ec91e7b9dc
Author: Michael Saboff <[email protected]>
Date: 2024-03-25 (Mon, 25 Mar 2024)
Changed paths:
M Source/JavaScriptCore/runtime/ScopedArguments.h
M Source/JavaScriptCore/runtime/SymbolTable.cpp
M Source/JavaScriptCore/runtime/SymbolTable.h
Log Message:
-----------
REGRESSION: JavaScriptCore: JSC::ScopedArguments::setIndexQuickly
https://bugs.webkit.org/show_bug.cgi?id=268409
rdar://121748005
Reviewed by Yusuke Suzuki.
A code inspection of the symbol table and scoped arguments code revealed that
SymbolTable::cloneScopePart() doesn't
properly copy the ScopedArgumentsTable from the source. Since ScopedArguments
point to the WatchpointSets in the
related SymbolTable, we need to create new WatchpointSets in the cloned
SymbolTable and have the ScopedArguments
point to the related new WatchpointSets.
This is a speculative fix.
* Source/JavaScriptCore/runtime/ScopedArguments.h:
* Source/JavaScriptCore/runtime/SymbolTable.cpp:
(JSC::SymbolTable::cloneScopePart):
(JSC::SymbolTable::hasScopedWatchpointSet):
* Source/JavaScriptCore/runtime/SymbolTable.h:
Originally-landed-as: 272448.422@safari-7618-branch (5bc92c9d5253).
rdar://124554329
Canonical link: https://commits.webkit.org/276646@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
