Fix initialization order (setup) for JSArrayBuffer objects.
BUG=chromium:531322 LOG=N R=jochen@chromium.org Review URL: https://codereview.chromium.org/1337943005 Cr-Commit-Position: refs/heads/master@{#30713}
This commit is contained in:
mlippautz
Commit bot
parent
ea25bf05f8
commit
cb621e2e2c
@ -16132,7 +16132,6 @@ void JSArrayBuffer::Setup(Handle<JSArrayBuffer> array_buffer, Isolate* isolate,
|
||||
for (int i = 0; i < v8::ArrayBuffer::kInternalFieldCount; i++) {
|
||||
array_buffer->SetInternalField(i, Smi::FromInt(0));
|
||||
}
|
||||
array_buffer->set_backing_store(data);
|
||||
array_buffer->set_bit_field(0);
|
||||
array_buffer->set_is_external(is_external);
|
||||
array_buffer->set_is_neuterable(shared == SharedFlag::kNotShared);
|
||||
@ -16142,6 +16141,11 @@ void JSArrayBuffer::Setup(Handle<JSArrayBuffer> array_buffer, Isolate* isolate,
|
||||
isolate->factory()->NewNumberFromSize(allocated_length);
|
||||
CHECK(byte_length->IsSmi() || byte_length->IsHeapNumber());
|
||||
array_buffer->set_byte_length(*byte_length);
|
||||
// Initialize backing store at last to avoid handling of |JSArrayBuffers| that
|
||||
// are currently being constructed in the |ArrayBufferTracker|. The
|
||||
// registration method below handles the case of registering a buffer that has
|
||||
// already been promoted.
|
||||
array_buffer->set_backing_store(data);
|
||||
|
||||
if (data && !is_external) {
|
||||
isolate->heap()->RegisterNewArrayBuffer(*array_buffer);
|
||||
@ -16191,8 +16195,15 @@ Handle<JSArrayBuffer> JSTypedArray::MaterializeArrayBuffer(
|
||||
void* backing_store =
|
||||
isolate->array_buffer_allocator()->AllocateUninitialized(
|
||||
fixed_typed_array->DataSize());
|
||||
buffer->set_backing_store(backing_store);
|
||||
buffer->set_is_external(false);
|
||||
DCHECK(buffer->byte_length()->IsSmi() ||
|
||||
buffer->byte_length()->IsHeapNumber());
|
||||
DCHECK(NumberToInt32(buffer->byte_length()) == fixed_typed_array->DataSize());
|
||||
// Initialize backing store at last to avoid handling of |JSArrayBuffers| that
|
||||
// are currently being constructed in the |ArrayBufferTracker|. The
|
||||
// registration method below handles the case of registering a buffer that has
|
||||
// already been promoted.
|
||||
buffer->set_backing_store(backing_store);
|
||||
isolate->heap()->RegisterNewArrayBuffer(*buffer);
|
||||
memcpy(buffer->backing_store(),
|
||||
fixed_typed_array->DataPtr(),
|
||||
|
||||
Loading…
Reference in New Issue
Block a user