Title: [260993] trunk/Source/_javascript_Core
Revision
260993
Author
ddkil...@apple.com
Date
2020-05-01 03:26:10 -0700 (Fri, 01 May 2020)

Log Message

JSC::PropertySlot::m_attributes is uninitialized in constructor
<https://webkit.org/b/211267>

Reviewed by Mark Lam.

* runtime/PropertySlot.h:
(JSC::PropertySlot::PropertySlot):
- Initialize m_attributes and m_additionalData, and make use of
  default initializers.

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (260992 => 260993)


--- trunk/Source/_javascript_Core/ChangeLog	2020-05-01 09:48:33 UTC (rev 260992)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-05-01 10:26:10 UTC (rev 260993)
@@ -1,3 +1,15 @@
+2020-05-01  David Kilzer  <ddkil...@apple.com>
+
+        JSC::PropertySlot::m_attributes is uninitialized in constructor
+        <https://webkit.org/b/211267>
+
+        Reviewed by Mark Lam.
+
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::PropertySlot):
+        - Initialize m_attributes and m_additionalData, and make use of
+          default initializers.
+
 2020-05-01  Alexey Shvayka  <shvaikal...@gmail.com>
 
         [WebIDL] Interface prototype objects should define @@toStringTag

Modified: trunk/Source/_javascript_Core/runtime/PropertySlot.h (260992 => 260993)


--- trunk/Source/_javascript_Core/runtime/PropertySlot.h	2020-05-01 09:48:33 UTC (rev 260992)
+++ trunk/Source/_javascript_Core/runtime/PropertySlot.h	2020-05-01 10:26:10 UTC (rev 260993)
@@ -113,15 +113,8 @@
     };
 
     explicit PropertySlot(const JSValue thisValue, InternalMethodType internalMethodType)
-        : m_offset(invalidOffset)
-        , m_thisValue(thisValue)
-        , m_slotBase(nullptr)
-        , m_watchpointSet(nullptr)
-        , m_cacheability(CachingDisallowed)
-        , m_propertyType(TypeUnset)
+        : m_thisValue(thisValue)
         , m_internalMethodType(internalMethodType)
-        , m_additionalDataType(AdditionalDataType::None)
-        , m_isTaintedByOpaqueObject(false)
     {
     }
 
@@ -395,20 +388,20 @@
         } customAccessor;
     } m_data;
 
-    unsigned m_attributes;
-    PropertyOffset m_offset;
+    unsigned m_attributes { 0 };
+    PropertyOffset m_offset { invalidOffset };
     JSValue m_thisValue;
-    JSObject* m_slotBase;
-    WatchpointSet* m_watchpointSet;
-    CacheabilityType m_cacheability;
-    PropertyType m_propertyType;
+    JSObject* m_slotBase { nullptr };
+    WatchpointSet* m_watchpointSet { nullptr };
+    CacheabilityType m_cacheability { CachingDisallowed };
+    PropertyType m_propertyType { TypeUnset };
     InternalMethodType m_internalMethodType;
-    AdditionalDataType m_additionalDataType;
-    bool m_isTaintedByOpaqueObject;
+    AdditionalDataType m_additionalDataType { AdditionalDataType::None };
+    bool m_isTaintedByOpaqueObject { false };
     union {
         DOMAttributeAnnotation domAttribute;
         ModuleNamespaceSlot moduleNamespaceSlot;
-    } m_additionalData;
+    } m_additionalData { { 0, 0 } };
 };
 
 ALWAYS_INLINE JSValue PropertySlot::getValue(JSGlobalObject* globalObject, PropertyName propertyName) const
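Review bot: The `m_data` union at the top of this hunk still has no default initializer, so it is the one PropertySlot member visible here that a freshly constructed slot leaves indeterminate. Presumably every read of it is gated on `m_propertyType` being something other than `TypeUnset`; a comment such as `// m_data is deliberately left uninitialized; read it only after m_propertyType has been set.` would keep that invariant visible next to the other defaults. The new `m_additionalData { { 0, 0 } }` initializes only the first union member (`domAttribute`) and assumes it has exactly two zero-initializable fields, so if `ModuleNamespaceSlot` is the larger member its remaining bytes may not be covered. `} m_additionalData { };` would likely initialize the first member without depending on its field count, but that needs checking against the definition of DOMAttributeAnnotation, which, like the start of the class, lies outside this hunk.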