Skip to content
Permalink
Browse files

[CVE-2019-0925]

  • Loading branch information...
pleath authored and MikeHolman committed Apr 17, 2019
1 parent 6615113 commit 32ca10f3955f2a3ca56c6671c721b1264eca06b8
Showing with 2 additions and 0 deletions.
  1. +1 −0 lib/Backend/GlobOpt.cpp
  2. +1 −0 lib/Backend/GlobOptFields.cpp
@@ -13462,6 +13462,7 @@ GlobOpt::CheckJsArrayKills(IR::Instr *const instr)
break;

case Js::OpCode::NewScObjectNoCtor:
case Js::OpCode::NewScObjectNoCtorFull:
if(doNativeArrayTypeSpec)
{
// Class/object construction can make something a prototype
@@ -492,6 +492,7 @@ GlobOpt::ProcessFieldKills(IR::Instr *instr, BVSparse<JitArenaAllocator> *bv, bo
case Js::OpCode::InitClass:
case Js::OpCode::InitProto:
case Js::OpCode::NewScObjectNoCtor:
case Js::OpCode::NewScObjectNoCtorFull:
if (inGlobOpt)
{
// Opcodes that make an object into a prototype may break object-header-inlining and final type opt.

0 comments on commit 32ca10f

Please sign in to comment.
You can’t perform that action at this time.