[webkit-changes] [WebKit/WebKit] 9158c5: [JSC] Make `memcpy` for butterfly safer in `Array#...

SUZUKI Sosuke Wed, 01 Jan 2025 21:47:10 -0800

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9158c52898ef7f10c47c884c12c67de5ee47d711
      
https://github.com/WebKit/WebKit/commit/9158c52898ef7f10c47c884c12c67de5ee47d711
  Author: Sosuke Suzuki <aosuk...@gmail.com>
  Date:   2025-01-01 (Wed, 01 Jan 2025)


  Changed paths:
    M Source/JavaScriptCore/runtime/JSArray.cpp

  Log Message:
  -----------
  [JSC] Make `memcpy` for butterfly safer in `Array#toReversed` fast path
https://bugs.webkit.org/show_bug.cgi?id=285278

Reviewed by Yusuke Suzuki.

We should initialize all vector fields of a butterfly before creating a
new array with `createWithButterfly`. This is the same issue pointed
out in https://github.com/WebKit/WebKit/pull/38429#discussion_r1900117330

* Source/JavaScriptCore/runtime/JSArray.cpp:
(JSC::JSArray::fastToReversed):

Canonical link: https://commits.webkit.org/288359@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] 9158c5: [JSC] Make `memcpy` for butterfly safer in `Array#...

Reply via email to