+2017-12-14 Keith Miller <keith_miller@apple.com>
+
+ Fix assertion in JSObject's structure setting methods
+ https://bugs.webkit.org/show_bug.cgi?id=180840
+
+ Reviewed by Mark Lam.
+
+ I forgot that when Typed Arrays have non-indexed properties
+ added to them, they call the generic code. The generic code
+ in turn calls the regular structure setting methods. Thus,
+ these assertions were invalid and we should just avoid setting
+ the indexing mask if we have a Typed Array.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::setButterfly):
+ (JSC::JSObject::nukeStructureAndSetButterfly):
+
2017-12-14 Michael Saboff <msaboff@apple.com>
REGRESSION (r225695): Repro crash on yahoo login page
git://git.webkit.org / WebKit-https.git / blobdiff