• barraclough@apple.com's avatar
    Source/JavaScriptCore: Do not allow Array length to be set if it is non-configurable · cd7d2b0a
    barraclough@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=75935
    
    Reviewed by Sam Weinig.
    
    Do not allow Array length to be set if it is non-configurable, and if the new
    length is less than the old length then intervening properties should removed
    in reverse order. Removal of properties should cease if an intervening indexed
    property being removed is non-configurable.
    
    * JavaScriptCore.exp:
        - Removed export for setLength.
    * runtime/ArrayPrototype.cpp:
    (JSC::arrayProtoFuncConcat):
        - JSArray::setLength now takes an ExecState*
    (JSC::arrayProtoFuncSlice):
        - JSArray::setLength now takes an ExecState*
    * runtime/JSArray.cpp:
    (JSC::JSArray::defineOwnProperty):
        - JSArray::setLength now takes an ExecState*
    (JSC::JSArray::put):
        - JSArray::setLength now takes an ExecState*
    (JSC::compareKeysForQSort):
        - Keys extracted from the map can be stored as unsigneds.
    (JSC::JSArray::getOwnPropertyNames):
        - Keys extracted from the map can be stored as unsigneds.
    (JSC::JSArray::setLength):
        - Check lengthIsReadOnly(), rather than copying the entire map to iterate
          over to determine which keys to remove, instead just copy the keys from
          the map to a Vector. When inSparseMode sort the keys in the Vector so
          that we can remove properties in reverse order.
    * runtime/JSArray.h:
        - JSArray::setLength now takes an ExecState*
    
    Source/WebCore: Do not allow Array length to be set if it is non-configurable
    https://bugs.webkit.org/show_bug.cgi?id=75935
    
    Reviewed by Sam Weinig.
    
    * bindings/js/SerializedScriptValue.cpp:
    (WebCore::CloneDeserializer::deserialize):
        - remove unnecessary call to JSArray::setLength.
    
    LayoutTests: rebaselining some canvas images
    https://bugs.webkit.org/show_bug.cgi?id=75552
    
    Patch by Elliot Poger <epoger@google.com> on 2012-01-10
    Reviewed by Ryosuke Niwa.
    
    * platform/chromium-gpu-linux/fast/canvas/canvas-text-baseline-expected.png:
    * platform/chromium-gpu-linux/fast/canvas/quadraticCurveTo-expected.png:
    * platform/chromium-gpu-mac/fast/canvas/canvas-text-baseline-expected.png: Added.
    * platform/chromium-gpu-mac/fast/canvas/quadraticCurveTo-expected.png: Added.
    * platform/chromium-gpu-win/fast/canvas/canvas-text-baseline-expected.png:
    * platform/chromium-gpu-win/fast/canvas/quadraticCurveTo-expected.png:
    * platform/chromium-mac-leopard/fast/canvas/quadraticCurveTo-expected.png: Added.
    * platform/chromium-mac-snowleopard/fast/canvas/canvas-lineWidth-expected.txt: Added.
    * platform/chromium-mac-snowleopard/fast/canvas/canvas-text-baseline-expected.png: Added.
    * platform/chromium-mac-snowleopard/fast/canvas/quadraticCurveTo-expected.png: Added.
    * platform/chromium/test_expectations.txt:
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104604 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    cd7d2b0a
JSArray.cpp 71.6 KB