Closed Bug 664667 Opened 14 years ago Closed 14 years ago

JSObject::slotsAndStructSize returns incorrect size

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: craig.topper, Unassigned)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

Fix operator precedence issue in JSObject::slotsAndStructSize
933 bytes, patch
jorendorff
: review+
Details | Diff | Splinter Review
?: has lower precendence than + and * which causes the return in the following code to calculate size incorrectly. The ?: should be in parentheses. inline size_t JSObject::slotsAndStructSize(uint32 nslots) const { bool isFun = isFunction() && this == (JSObject*) getPrivate(); int ndslots = hasSlotsArray() ? nslots : 0; int nfslots = isFun ? 0 : numFixedSlots(); return sizeof(js::Value) * (ndslots + nfslots) + isFun ? sizeof(JSFunction) : sizeof(JSObject); }
Assignee: nobody → general
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
QA Contact: jsd → general
Comment on attachment 539737 [details] [diff] [review] Fix operator precedence issue in JSObject::slotsAndStructSize Playing spin the r? bottle here.
Attachment #539737 - Flags: review?(jorendorff)
Attachment #539737 - Flags: review?(jorendorff) → review+
Keywords: checkin-needed
http://hg.mozilla.org/tracemonkey/rev/01f0e75fce22
Status: NEW → ASSIGNED
Keywords: checkin-needed
Whiteboard: fixed-in-tracemonkey
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: