2011-02-28 Geoffrey Garen <ggaren@apple.com>
author:    ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>  Tue, 1 Mar 2011 17:41:12 +0000 (17:41 +0000)
committer: ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>  Tue, 1 Mar 2011 17:41:12 +0000 (17:41 +0000)
commit:    df2d35cae7cd23fe37338805782f636a15e6ae07
tree:      6825023d77f1fa07ee26ccc1c43c648451e67ad9
parent:    78e5cbf840ee6a462e062a140b9a4e16db1ad84b
2011-02-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Gavin Barraclough.

        Past-the-end writes in VM exceptions (caused crashes in r79627)
        https://bugs.webkit.org/show_bug.cgi?id=55448

        Some exceptions had the wrong structures, so they overestimated their
        inline storage sizes.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Use the right structure.

        * runtime/JSObject.h:
        (JSC::JSNonFinalObject::JSNonFinalObject):
        (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
        is correct to verify this doesn't happen again.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@80006 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSGlobalData.cpp
Source/JavaScriptCore/runtime/JSObject.h
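The defect the message describes, shown as an added illustration in plain C++ that is not WebKit's code: an object with a fixed amount of inline property storage is paired with a Structure that reports a larger inline capacity, so slot writes driven by the Structure's count land past the end of the object. The `Structure` class, the `ObjectWithInlineStorage` template, `putInline`/`getInline`, `structureFitsObject` and the slot counts (2 and 6) are hypothetical stand-ins chosen for the example; the constructor-time `assert` is the shape of the ASSERT the commit adds to the JSNonFinalObject and JSFinalObject constructors.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>

// Hypothetical stand-in for JSC's Structure. The only part modelled here is
// how many property slots an object of this structure keeps inline (inside
// the object allocation itself rather than in a separately allocated block).
class Structure {
public:
    explicit Structure(size_t inlineCapacity) : m_inlineCapacity(inlineCapacity) {}
    size_t inlineCapacity() const { return m_inlineCapacity; }
private:
    size_t m_inlineCapacity;
};

// One object layout per inline size, mirroring the JSNonFinalObject /
// JSFinalObject split. The slot counts are made up for the example.
template <size_t InlineCapacity>
class ObjectWithInlineStorage {
public:
    static constexpr size_t kInlineCapacity = InlineCapacity;

    explicit ObjectWithInlineStorage(const Structure& structure)
        : m_structure(&structure), m_inlineStorage{}
    {
        // The check the commit adds to the constructors: if the Structure
        // claims more inline slots than this object really embeds, every
        // access to the surplus slots lands past the end of the allocation.
        // Fail at construction, before any property is written.
        assert(structure.inlineCapacity() == kInlineCapacity);
    }

    const Structure* structure() const { return m_structure; }

    // Bounds-guarded slot access, added for the demonstration (the commit
    // itself only adds the constructor ASSERT). Refuses to write outside the
    // real storage instead of trusting the Structure's advertised count.
    bool putInline(size_t index, uint64_t value)
    {
        if (index >= kInlineCapacity)
            return false;
        m_inlineStorage[index] = value;
        return true;
    }

    uint64_t getInline(size_t index) const
    {
        return index < kInlineCapacity ? m_inlineStorage[index] : 0;
    }

private:
    const Structure* m_structure;
    uint64_t m_inlineStorage[kInlineCapacity];
};

using NonFinalObject = ObjectWithInlineStorage<2>;
using FinalObject = ObjectWithInlineStorage<6>;

// Non-aborting form of the same consistency check, usable at the point where
// a Structure is chosen for an object that is about to be created (the
// JSGlobalData half of this commit is about choosing the right one there).
template <typename ObjectType>
bool structureFitsObject(const Structure& structure)
{
    return structure.inlineCapacity() == ObjectType::kInlineCapacity;
}

// Worked scenario: a small (non-final) object handed a final object's
// Structure would believe it owns 6 inline slots while only having 2.
bool mismatchedStructureIsRejected()
{
    Structure finalObjectStructure(FinalObject::kInlineCapacity);
    Structure nonFinalObjectStructure(NonFinalObject::kInlineCapacity);

    bool rightPairsAccepted = structureFitsObject<NonFinalObject>(nonFinalObjectStructure)
        && structureFitsObject<FinalObject>(finalObjectStructure);
    bool wrongPairRejected = !structureFitsObject<NonFinalObject>(finalObjectStructure);
    return rightPairsAccepted && wrongPairRejected;
}
```

The constructor `assert` is compiled out under `NDEBUG`, just as a debug-only ASSERT is in WebKit, so it catches the wrong-structure pairing during development and testing rather than in shipping builds; the `putInline` bounds check is the part of the example that remains active at runtime.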