-
msaboff@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=110828 Reviewed by Oliver Hunt. * runtime/JSObject.h: (JSC::maxOffsetRelativeToPatchedStorage): Only add the OBJECT_OFFSETOF(tag) for positive offsets. That way this function will return the offset farthest from 0 needed to access either the payload or tag. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143994 268f45cc-cd09-0410-ab3c-d52691b4dbfc
bdd987c3