VariableLengthObject::allocate<T> should initialize objects
author tzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Feb 2019 19:16:36 +0000 (19:16 +0000)
committer tzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Feb 2019 19:16:36 +0000 (19:16 +0000)
commit 7d39b0765df90aa9aaa9761bede8980f2cd0da2b
tree 35ef0b57069277a8c41b785a3607fdcdf0fe7f72
parent a49fae5220963cfe52bbac2809db4ea93163364a
VariableLengthObject::allocate<T> should initialize objects
https://bugs.webkit.org/show_bug.cgi?id=194534

Reviewed by Michael Saboff.

`buffer()` should not be called for empty VariableLengthObjects, but
these cases were not being caught due to the objects not being properly
initialized. Fix it so that allocate calls the constructor and fix the
assertion failures.

* runtime/CachedTypes.cpp:
(JSC::CachedObject::operator new):
(JSC::VariableLengthObject::allocate):
(JSC::CachedVector::encode):
(JSC::CachedVector::decode const):
(JSC::CachedUniquedStringImpl::decode const):
(JSC::CachedBitVector::encode):
(JSC::CachedBitVector::decode const):
(JSC::CachedArray::encode):
(JSC::CachedArray::decode const):
(JSC::CachedImmutableButterfly::CachedImmutableButterfly):
(JSC::CachedBigInt::decode const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241447 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/CachedTypes.cpp
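The commit message describes a class of bug worth seeing in miniature: an `allocate<T>` that hands back raw bytes without running `T`'s constructor leaves the object's bookkeeping fields holding whatever the memory held, so a check like "is this object empty?" silently passes and `buffer()` returns a wild pointer instead of tripping its assertion. The example below is added here to illustrate that point; it is not JavaScriptCore's code. `Arena`, `Demo`, `allocateUninitialized`, `m_offset` and the bump allocator are assumptions modelled loosely on the names in the commit, and the arena is deliberately pre-filled with a garbage pattern to stand in for reused heap memory.

```cpp
// Added illustration, not JavaScriptCore's code. Shows why allocate<T> must run
// the constructor: without it, the "empty object" state is unreliable and the
// assertion guarding buffer() never fires.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>

// Hypothetical bump allocator standing in for the encoder's backing store.
// Memory is pre-filled with 0xAB to model uninitialized/reused heap bytes.
struct Arena {
    alignas(alignof(std::max_align_t)) uint8_t storage[4096];
    size_t used = 0;
    Arena() { std::memset(storage, 0xAB, sizeof storage); }
    void* raw(size_t bytes) {
        // Round up so successive objects stay suitably aligned.
        size_t aligned = (bytes + alignof(std::max_align_t) - 1) & ~(alignof(std::max_align_t) - 1);
        assert(used + aligned <= sizeof storage);
        void* p = storage + used;
        used += aligned;
        return p;
    }
};

struct VariableLengthObject {
    // Distance from `this` to the payload; 0 means "no payload" (empty object).
    ptrdiff_t m_offset;
    VariableLengthObject() : m_offset(0) {}  // the constructor establishes the empty state

    bool isEmpty() const { return m_offset == 0; }

    // Design rule from the commit: buffer() must not be called on an empty object.
    uint8_t* buffer() {
        assert(!isEmpty() && "buffer() called on empty VariableLengthObject");
        return reinterpret_cast<uint8_t*>(this) + m_offset;
    }
    const uint8_t* buffer() const { return const_cast<VariableLengthObject*>(this)->buffer(); }

    // BEFORE (hypothetical buggy shape): raw bytes are reinterpreted as T, so T's
    // constructor never runs and m_offset keeps the garbage the arena held.
    template <typename T>
    static T* allocateUninitialized(Arena& arena, size_t payloadBytes) {
        T* obj = static_cast<T*>(arena.raw(sizeof(T) + payloadBytes));
        if (payloadBytes)
            obj->m_offset = sizeof(T);
        return obj;
    }

    // AFTER: placement-new runs the constructor first, so an object with no
    // payload is correctly marked empty and buffer() can catch misuse.
    template <typename T>
    static T* allocate(Arena& arena, size_t payloadBytes) {
        T* obj = new (arena.raw(sizeof(T) + payloadBytes)) T();
        if (payloadBytes)
            obj->m_offset = sizeof(T);
        return obj;
    }
};

struct Demo : VariableLengthObject {};  // hypothetical cached type

// Empty object created without running the constructor: m_offset is the 0xAB
// fill pattern, not 0, so the object wrongly claims to have a payload.
bool emptyDetectedWithoutConstructor() {
    Arena arena;
    Demo* d = VariableLengthObject::allocateUninitialized<Demo>(arena, 0);
    return d->isEmpty();  // false
}

// Empty object created the fixed way: the constructor zeroed m_offset.
bool emptyDetectedWithConstructor() {
    Arena arena;
    Demo* d = VariableLengthObject::allocate<Demo>(arena, 0);
    return d->isEmpty();  // true
}

// Non-empty object created the fixed way: payload is reachable at the right place.
bool payloadRoundTrips() {
    Arena arena;
    static const uint8_t sample[4] = {1, 2, 3, 4};  // constructed sample payload
    Demo* d = VariableLengthObject::allocate<Demo>(arena, sizeof sample);
    std::memcpy(d->buffer(), sample, sizeof sample);
    return std::memcmp(d->buffer(), sample, sizeof sample) == 0;  // true
}

int main() {
    std::printf("uninitialized path sees empty object: %s\n", emptyDetectedWithoutConstructor() ? "yes" : "no");
    std::printf("constructed path sees empty object:   %s\n", emptyDetectedWithConstructor() ? "yes" : "no");
    std::printf("payload round-trips:                  %s\n", payloadRoundTrips() ? "yes" : "no");
    return 0;
}
```

The detection value of the fix is the assertion: once every object is constructed, an accidental `buffer()` call on an empty object fails loudly in debug builds instead of reading past the object, which is exactly the category of failure the commit message says was going uncaught.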