Butterfly::growArrayRight shouldn't be called on null Butterfly objects
author Mark Hahnenberg <mhahnenberg@apple.com>
Mon, 4 Feb 2013 13:16:39 +0000 (14:16 +0100)
committer The Qt Project <gerrit-noreply@qt-project.org>
Wed, 6 Feb 2013 13:45:44 +0000 (14:45 +0100)
commit ddfc231cac5d5307df76332cb532224651ae4966
tree b13294cb425b90ad76d868db9acd1f16ff0f0369
parent c27b9870614d273b2f369bb920a328e371b58756
Butterfly::growArrayRight shouldn't be called on null Butterfly objects

https://bugs.webkit.org/show_bug.cgi?id=105221

Reviewed by Filip Pizlo.

Currently we depend upon the fact that Butterfly::growArrayRight works with null Butterfly
objects purely by coincidence. We should add a new static function that null checks the old
Butterfly object and creates a new one if it's null, or calls growArrayRight if it isn't for
use in the couple of places in JSObject that expect such behavior to work.

* runtime/Butterfly.h:
(Butterfly):
* runtime/ButterflyInlines.h:
(JSC::Butterfly::createOrGrowArrayRight):
(JSC):
* runtime/JSObject.cpp:
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createArrayStorage):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137961 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Change-Id: I643bc988f3e25b6f05be4e99f19fd2dc609152e4
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/Butterfly.h
Source/JavaScriptCore/runtime/ButterflyInlines.h
Source/JavaScriptCore/runtime/JSObject.cpp