AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Fix uninitialized memory read in CallOptimization.

Browse Source 
BUG=http://crbug.com/36602

Review URL: http://codereview.chromium.org/657081

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3941 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
vitalyr@chromium.org 2010-02-24 19:14:21 +00:00
parent be1ea81cbf
commit 3d76502914
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/ia32/stub-cache-ia32.cc
View File

@ -479,17 +479,14 @@ class LoadInterceptorCompiler BASE_EMBEDDED {
// Holds information about possible function call optimizations.
class CallOptimization BASE_EMBEDDED {
public:
explicit CallOptimization(LookupResult* lookup)
: constant_function_(NULL),
is_simple_api_call_(false),
expected_receiver_type_(NULL),
api_call_info_(NULL) {
if (!lookup->IsProperty() || !lookup->IsCacheable()) return;
// We only optimize constant function calls.
if (lookup->type() != CONSTANT_FUNCTION) return;
Initialize(lookup->GetConstantFunction());
explicit CallOptimization(LookupResult* lookup) {
if (!lookup->IsProperty() || !lookup->IsCacheable() ||
lookup->type() != CONSTANT_FUNCTION) {
Initialize(NULL);
} else {
// We only optimize constant function calls.
Initialize(lookup->GetConstantFunction());
}
}
explicit CallOptimization(JSFunction* function) {
@ -537,11 +534,14 @@ class CallOptimization BASE_EMBEDDED {
private:
void Initialize(JSFunction* function) {
if (!function->is_compiled()) return;
constant_function_ = NULL;
is_simple_api_call_ = false;
expected_receiver_type_ = NULL;
api_call_info_ = NULL;
if (function == NULL || !function->is_compiled()) return;
constant_function_ = function;
is_simple_api_call_ = false;
AnalyzePossibleApiFunction(function);
}