Fix debug crashes.
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Aug 2017 20:50:55 +0000 (20:50 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Aug 2017 20:50:55 +0000 (20:50 +0000)
Rubber stamped by Mark Lam.

* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@221440 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSArrayBufferView.cpp

index 78def6f..ee70d28 100644 (file)
@@ -1,5 +1,14 @@
 2017-08-31  Filip Pizlo  <fpizlo@apple.com>
 
+        Fix debug crashes.
+
+        Rubber stamped by Mark Lam.
+
+        * runtime/JSArrayBufferView.cpp:
+        (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
+
+2017-08-31  Filip Pizlo  <fpizlo@apple.com>
+
         All of the different ArrayBuffer::data's should be CagedPtr<>
         https://bugs.webkit.org/show_bug.cgi?id=175515
 
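Review bot: The new ChangeLog entry ("Fix debug crashes.") does not say which crash is fixed or why, and unlike the entry directly below it carries no bugs.webkit.org link. Since the code change switches to an accessor named `getMayBeNull()`, add a sentence under the `ConstructionContext` line stating that the vector can legitimately be null on this path and which debug check was firing, so the reason for the change can be found from the log later.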
index 5d8d729..31de566 100644 (file)
@@ -77,7 +77,7 @@ JSArrayBufferView::ConstructionContext::ConstructionContext(
         m_mode = FastTypedArray;
 
         if (mode == ZeroFill) {
-            uint64_t* asWords = static_cast<uint64_t*>(m_vector.get());
+            uint64_t* asWords = static_cast<uint64_t*>(m_vector.getMayBeNull());
             for (unsigned i = size / sizeof(uint64_t); i--;)
                 asWords[i] = 0;
         }
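Review bot: In the `ZeroFill` branch, `asWords` can now be null, and the loop `for (unsigned i = size / sizeof(uint64_t); i--;)` writes through it whenever `size` is at least `sizeof(uint64_t)`, with nothing in the hunk tying a null pointer to a zero size. If null is only expected for empty arrays, state that invariant here, for example with `ASSERT(asWords || !size)` or a short comment before the loop, so that a null vector with a nonzero size is caught in debug builds rather than becoming a null write. The patch also touches no test, so a test that constructs a zero-length typed array in a debug build would help keep this from regressing.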