[webkit-changes] [254602] branches/safari-609-branch/Source/JavaScriptCore

[alancoon]

Title: [254602] branches/safari-609-branch/Source/_javascript_Core

Revision

254602

Author

alanc...@apple.com

Date

2020-01-15 11:15:22 -0800 (Wed, 15 Jan 2020)

Log Message

Cherry-pick r254244. rdar://problem/58553148

    Instruction.h: Multiplication result converted to larger type
    https://bugs.webkit.org/show_bug.cgi?id=205945

    Reviewed by Mark Lam.

    * bytecode/Instruction.h:
    (JSC::BaseInstruction::size const):
    Changed the types to size_t so that the computation is computed accordingly.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

• branches/safari-609-branch/Source/_javascript_Core/ChangeLog
• branches/safari-609-branch/Source/_javascript_Core/bytecode/Instruction.h

Diff

Modified: branches/safari-609-branch/Source/_javascript_Core/ChangeLog (254601 => 254602)

--- branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-01-15 19:15:19 UTC (rev 254601)
+++ branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-01-15 19:15:22 UTC (rev 254602)
@@ -1,5 +1,33 @@
 2020-01-14  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r254244. rdar://problem/58553148
+
+    Instruction.h: Multiplication result converted to larger type
+    https://bugs.webkit.org/show_bug.cgi?id=205945
+    
+    Reviewed by Mark Lam.
+    
+    * bytecode/Instruction.h:
+    (JSC::BaseInstruction::size const):
+    Changed the types to size_t so that the computation is computed accordingly.
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254244 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-01-08  Michael Saboff  <msab...@apple.com>
+
+            Instruction.h: Multiplication result converted to larger type
+            https://bugs.webkit.org/show_bug.cgi?id=205945
+
+            Reviewed by Mark Lam.
+
+            * bytecode/Instruction.h:
+            (JSC::BaseInstruction::size const):
+            Changed the types to size_t so that the computation is computed accordingly.
+
+
+2020-01-14  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r254218. rdar://problem/58553153
 
     JSArrayBufferView.h: Multiplication result converted to larger type

Modified: branches/safari-609-branch/Source/_javascript_Core/bytecode/Instruction.h (254601 => 254602)

--- branches/safari-609-branch/Source/_javascript_Core/bytecode/Instruction.h	2020-01-15 19:15:19 UTC (rev 254601)
+++ branches/safari-609-branch/Source/_javascript_Core/bytecode/Instruction.h	2020-01-15 19:15:22 UTC (rev 254602)
@@ -118,8 +118,8 @@
     size_t size() const
     {
         auto sizeShiftAmount = this->sizeShiftAmount<Traits>();
-        auto prefixSize = sizeShiftAmount ? 1 : 0;
-        auto operandSize = 1 << sizeShiftAmount;
+        size_t prefixSize = sizeShiftAmount ? 1 : 0;
+        size_t operandSize = static_cast<size_t>(1) << sizeShiftAmount;
         size_t sizeOfBytecode = 1;
         return sizeOfBytecode + (Traits::opcodeLengths[opcodeID<Traits>()] - 1) * operandSize + prefixSize;
     }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes