git://git.webkit.org / WebKit-https.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Array Storage operations sometimes did not update the indexing mask correctly.
[WebKit-https.git] / Source / JavaScriptCore / runtime / JSObject.cpp
diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp
index 6e6779b..a9ee8df 100644 (file)
--- a/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSObject.cpp
@@ -3135,6 +3135,7 @@ bool JSObject::increaseVectorLength(VM& vm, unsigned newLength)
         for (unsigned i = vectorLength; i < availableVectorLength; ++i)
             storage->m_vector[i].clear();
         storage->setVectorLength(availableVectorLength);
+        m_butterflyIndexingMask = storage->butterfly()->computeIndexingMask();
         return true;
     }
     
Mirror of the WebKit open source project from svn.webkit.org.