author | Terrence Cole <terrence@mozilla.com> |
Wed, 10 Jun 2015 08:58:36 -0700 | |
changeset 248077 | 3e6ee3df29aa7ac0a3db30d5dffcbd31a7da55c8 |
parent 248076 | fb99310b6a1a7b48486a9d4899dfad8756364026 |
child 248078 | 2fd6e854642e13862e03894b99cbc66da2afdc2f |
push id | 28888 |
push user | kwierso@gmail.com |
push date | Thu, 11 Jun 2015 01:29:45 +0000 |
treeherder | mozilla-central@04c057942da4 [default view] [failures only] |
perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
reviewers | jonco |
bugs | 1171430 |
milestone | 41.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/js/src/jsutil.h
+++ b/js/src/jsutil.h
@@ -300,17 +300,17 @@ Poison(void* ptr, uint8_t value, size_t
 static bool poison = !bool(getenv("JSGC_DISABLE_POISONING"));
 if (poison) {
 // Without a valid Value tag, a poisoned Value may look like a valid
 // floating point number. To ensure that we crash more readily when
 // observing a poised Value, we make the poison an invalid ObjectValue.
 uintptr_t obj;
 memset(&obj, value, sizeof(obj));
 #if defined(JS_PUNBOX64)
- obj >>= JSVAL_TAG_SHIFT;
+ obj = obj & ((uintptr_t(1) << JSVAL_TAG_SHIFT) - 1);
 #endif
 const jsval_layout layout = OBJECT_TO_JSVAL_IMPL((JSObject*)obj);
 size_t value_count = num / sizeof(jsval_layout);
 size_t byte_count = num % sizeof(jsval_layout);
 mozilla::PodSet((jsval_layout*)ptr, layout, value_count);
 if (byte_count) {
 uint8_t* bytes = static_cast<uint8_t*>(ptr);
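Review bot: The new mask on the `+` line under `#if defined(JS_PUNBOX64)` has no comment saying why the payload keeps the low `JSVAL_TAG_SHIFT` bits of the repeated poison byte rather than the high bits the old shift kept. I would add above the `#if` something like `// Keep only the payload bits; the object tag is OR'd in by OBJECT_TO_JSVAL_IMPL, so the result is a poison-patterned pointer with a valid-looking tag.` The existing comment promises that we "crash more readily" on a poisoned Value; with the mask that presumably relies on the poison-patterned address being unmapped for every `value` byte callers pass, which is worth stating next to the mask (the callers and poison constants are outside this hunk). Separately, "poised Value" in the context comment reads like a typo for "poisoned Value". Poison's body starts before and continues past this hunk.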