Title: [167250] trunk/Source/JavaScriptCore
- Revision: 167250
- Author: commit-qu...@webkit.org
- Date: 2014-04-14 09:31:43 -0700 (Mon, 14 Apr 2014)
Log Message
Fixed potential integer truncation.
https://bugs.webkit.org/show_bug.cgi?id=131615
Patch by Alex Christensen <achristen...@webkit.org> on 2014-04-14
Reviewed by Darin Adler.
* assembler/X86Assembler.h:
(JSC::X86Assembler::fillNops):
Truncate the size_t to an unsigned after it is limited to 15 instead of before.
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (167249 => 167250)
--- trunk/Source/_javascript_Core/ChangeLog 2014-04-14 16:19:58 UTC (rev 167249)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-04-14 16:31:43 UTC (rev 167250)
@@ -1,3 +1,14 @@
+2014-04-14 Alex Christensen <achristen...@webkit.org>
+
+ Fixed potential integer truncation.
+ https://bugs.webkit.org/show_bug.cgi?id=131615
+
+ Reviewed by Darin Adler.
+
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::fillNops):
+ Truncate the size_t to an unsigned after it is limited to 15 instead of before.
+
2014-04-14 Andreas Kling <akl...@apple.com>
Array.prototype.concat should allocate output storage only once.
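Review bot: The description line of the new entry ("Truncate the size_t to an unsigned after it is limited to 15 instead of before") says what changed but not what could go wrong before the change. Suggest adding one sentence that names the failing input, that is, a `size` that does not fit in `unsigned` being narrowed before the comparison with 15, so a reader of the ChangeLog can judge whether the "potential" truncation was reachable.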
Modified: trunk/Source/_javascript_Core/assembler/X86Assembler.h (167249 => 167250)
--- trunk/Source/_javascript_Core/assembler/X86Assembler.h 2014-04-14 16:19:58 UTC (rev 167249)
+++ trunk/Source/_javascript_Core/assembler/X86Assembler.h 2014-04-14 16:31:43 UTC (rev 167250)
@@ -2273,7 +2273,7 @@
uint8_t* where = reinterpret_cast<uint8_t*>(base);
while (size) {
- unsigned nopSize = std::min<unsigned>(size, 15UL);
+ unsigned nopSize = static_cast<unsigned>(std::min<size_t>(size, 15));
unsigned numPrefixes = nopSize <= 10 ? 0 : nopSize - 10;
for (unsigned i = 0; i != numPrefixes; ++i)
*where++ = 0x66;
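Review bot: On the changed `nopSize` line, the `static_cast<unsigned>` is lossless only because `std::min<size_t>(size, 15)` has already clamped the value to at most 15, and nothing in the code states that. Suggest a one-line comment recording the invariant, or a named constant for the 15 that also explains the `nopSize <= 10` and `nopSize - 10` arithmetic on the next line, so that a later change to the limit does not quietly bring back the narrowing of the removed `std::min<unsigned>(size, 15UL)`, where `size` was converted to `unsigned` before the comparison.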