CachedBitVector's size must be converted from bits to bytes
authortzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Feb 2019 17:37:23 +0000 (17:37 +0000)
committertzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Feb 2019 17:37:23 +0000 (17:37 +0000)
commit06a05694b620de9370188c52499860296ec267aa
tree4fc8e4b78bd2e63b89e8ae09dfa3e1b46c8851c4
parentf93c4d07358728c69cf68420c0a86e9c46825783
CachedBitVector's size must be converted from bits to bytes
https://bugs.webkit.org/show_bug.cgi?id=194441

Reviewed by Saam Barati.

CachedBitVector used its size in bits for memcpy. That didn't cause any
issues when encoding, since the size in bits was also used in the allocation,
but would overflow the actual BitVector buffer when decoding.

* runtime/CachedTypes.cpp:
(JSC::CachedBitVector::encode):
(JSC::CachedBitVector::decode const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241550 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/CachedTypes.cpp