diff options
| author | Ben Murdoch <benm@google.com> | 2011-05-05 14:36:32 +0100 |
|---|---|---|
| committer | Ben Murdoch <benm@google.com> | 2011-05-10 15:38:30 +0100 |
| commit | f05b935882198ccf7d81675736e3aeb089c5113a (patch) | |
| tree | 4ea0ca838d9ef1b15cf17ddb3928efb427c7e5a1 /JavaScriptCore/runtime/JSArray.cpp | |
| parent | 60fbdcc62bced8db2cb1fd233cc4d1e4ea17db1b (diff) | |
| download | external_webkit-f05b935882198ccf7d81675736e3aeb089c5113a.zip external_webkit-f05b935882198ccf7d81675736e3aeb089c5113a.tar.gz external_webkit-f05b935882198ccf7d81675736e3aeb089c5113a.tar.bz2 | |
Merge WebKit at r74534: Initial merge by git.
Change-Id: I6ccd1154fa1b19c2ec2a66878eb675738735f1eb
Diffstat (limited to 'JavaScriptCore/runtime/JSArray.cpp')
| -rw-r--r-- | JavaScriptCore/runtime/JSArray.cpp | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/JavaScriptCore/runtime/JSArray.cpp b/JavaScriptCore/runtime/JSArray.cpp index b8b92f4..556a16e 100644 --- a/JavaScriptCore/runtime/JSArray.cpp +++ b/JavaScriptCore/runtime/JSArray.cpp @@ -874,8 +874,6 @@ static int compareNumbersForQSort(const void* a, const void* b) return (da > db) - (da < db); } -typedef std::pair<JSValue, UString> ValueStringPair; - static int compareByStringPairForQSort(const void* a, const void* b) { const ValueStringPair* va = static_cast<const ValueStringPair*>(a); @@ -939,6 +937,8 @@ void JSArray::sort(ExecState* exec) throwOutOfMemoryError(exec); return; } + + Heap::heap(this)->pushTempSortVector(&values); for (size_t i = 0; i < lengthNotIncludingUndefined; i++) { JSValue value = storage->m_vector[i]; @@ -946,9 +946,6 @@ void JSArray::sort(ExecState* exec) values[i].first = value; } - // FIXME: While calling these toString functions, the array could be mutated. - // In that case, objects pointed to by values in this vector might get garbage-collected! - // FIXME: The following loop continues to call toString on subsequent values even after // a toString call raises an exception. @@ -969,12 +966,18 @@ void JSArray::sort(ExecState* exec) qsort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort); #endif - // FIXME: If the toString function changed the length of the array, this might be - // modifying the vector incorrectly. - + // If the toString function changed the length of the array or vector storage, + // increase the length to handle the orignal number of actual values. + if (m_vectorLength < lengthNotIncludingUndefined) + increaseVectorLength(lengthNotIncludingUndefined); + if (storage->m_length < lengthNotIncludingUndefined) + storage->m_length = lengthNotIncludingUndefined; + for (size_t i = 0; i < lengthNotIncludingUndefined; i++) storage->m_vector[i] = values[i].first; + Heap::heap(this)->popTempSortVector(&values); + checkConsistency(SortConsistencyCheck); } |