Browsing the "transform" Tag

Webkit JSC: JIT – Uninitialized Variable Access in ArgumentsEliminationPhase::transform

August 29th, 2019 📆 | 5135 Views ⚑

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp#L743 case GetByVal: { ... unsigned numberOfArgumentsToSkip = 0; if (candidate->op() == PhantomCreateRest) numberOfArgumentsToSkip = candidate->numberOfArgumentsToSkip(); Node* result = nullptr;

Tagged with: