Title: [153285] trunk/Source/_javascript_Core
Revision
153285
Author
[email protected]
Date
2013-07-24 21:05:08 -0700 (Wed, 24 Jul 2013)

Log Message

fourthTier: Structure::isValidOffset() should be able to tell you if you're loading a valid JSValue, and not just not crashing
https://bugs.webkit.org/show_bug.cgi?id=118911

Reviewed by Geoffrey Garen.

We could also have a separate method like "willNotCrash(offset)", but that's not
what isValidOffset() is intended to mean.

* runtime/Structure.h:
(JSC::Structure::isValidOffset):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/Structure.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (153284 => 153285)


--- trunk/Source/_javascript_Core/ChangeLog	2013-07-25 04:05:07 UTC (rev 153284)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-07-25 04:05:08 UTC (rev 153285)
@@ -1,5 +1,18 @@
 2013-07-19  Filip Pizlo  <[email protected]>
 
+        fourthTier: Structure::isValidOffset() should be able to tell you if you're loading a valid JSValue, and not just not crashing
+        https://bugs.webkit.org/show_bug.cgi?id=118911
+
+        Reviewed by Geoffrey Garen.
+        
+        We could also have a separate method like "willNotCrash(offset)", but that's not
+        what isValidOffset() is intended to mean.
+
+        * runtime/Structure.h:
+        (JSC::Structure::isValidOffset):
+
+2013-07-19  Filip Pizlo  <[email protected]>
+
         fourthTier: Structure should be able to tell you if it's valid to load at a given offset from any object with that structure
         https://bugs.webkit.org/show_bug.cgi?id=118878
 

Modified: trunk/Source/_javascript_Core/runtime/Structure.h (153284 => 153285)


--- trunk/Source/_javascript_Core/runtime/Structure.h	2013-07-25 04:05:07 UTC (rev 153284)
+++ trunk/Source/_javascript_Core/runtime/Structure.h	2013-07-25 04:05:08 UTC (rev 153285)
@@ -223,8 +223,8 @@
     bool isValidOffset(PropertyOffset offset) const
     {
         return JSC::isValidOffset(offset)
-            && (offset < m_inlineCapacity
-                || (offset >= firstOutOfLineOffset && offset <= m_offset));
+            && offset <= m_offset
+            && (offset < m_inlineCapacity || offset >= firstOutOfLineOffset);
     }
 
     bool masqueradesAsUndefined(JSGlobalObject* lexicalGlobalObject);
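Review bot: the reordering is not a pure refactor; it rejects inline offsets in the range (m_offset, m_inlineCapacity) that the old expression accepted, so any caller that relied on the old "won't crash" reading for inline slots will now see false. Since the declaration carries no comment, suggest one above the function stating the new contract so the next change does not quietly weaken it again, e.g. `// True iff a property really exists at |offset| on every object with this structure, not merely that the slot is addressable.`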
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes