Title: [147626] tags/Safari-537.35.8/Source/_javascript_Core
- Revision
- 147626
- Author
- [email protected]
- Date
- 2013-04-04 08:12:49 -0700 (Thu, 04 Apr 2013)
Log Message
Merged r147017. <rdar://problem/13519289>
Modified Paths
Diff
Modified: tags/Safari-537.35.8/Source/_javascript_Core/ChangeLog (147625 => 147626)
--- tags/Safari-537.35.8/Source/_javascript_Core/ChangeLog 2013-04-04 15:06:33 UTC (rev 147625)
+++ tags/Safari-537.35.8/Source/_javascript_Core/ChangeLog 2013-04-04 15:12:49 UTC (rev 147626)
@@ -1,3 +1,18 @@
+2013-04-04 Lucas Forschler <[email protected]>
+
+ Merge r147017
+
+ 2013-03-27 Mark Hahnenberg <[email protected]>
+
+ CodeCache::m_capacity can becoming negative, producing undefined results in pruneSlowCase
+ https://bugs.webkit.org/show_bug.cgi?id=113453
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/CodeCache.cpp:
+ (JSC::CodeCacheMap::pruneSlowCase): We make sure that m_minCapacity doesn't drop below zero now.
+ This prevents m_capacity from doing the same.
+
2013-03-19 Michael Saboff <[email protected]>
Crash when loading http://www.jqchart.com/jquery/gauges/RadialGauge/LiveData
Modified: tags/Safari-537.35.8/Source/_javascript_Core/runtime/CodeCache.cpp (147625 => 147626)
--- tags/Safari-537.35.8/Source/_javascript_Core/runtime/CodeCache.cpp 2013-04-04 15:06:33 UTC (rev 147625)
+++ tags/Safari-537.35.8/Source/_javascript_Core/runtime/CodeCache.cpp 2013-04-04 15:12:49 UTC (rev 147626)
@@ -40,7 +40,7 @@
void CodeCacheMap::pruneSlowCase()
{
- m_minCapacity = m_size - m_sizeAtLastPrune;
+ m_minCapacity = std::max(m_size - m_sizeAtLastPrune, 0LL);
m_sizeAtLastPrune = m_size;
m_timeAtLastPrune = monotonicallyIncreasingTime();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
