Reviewers: iposva,

Description:
- Fix instance size calculation to ensure that the object cannot overflow the maximum object size.
- Added a test that will crash previous revisions.

Please review this at http://codereview.chromium.org/7427

Affected files:
M src/heap.cc
M src/objects.h
test/mjsunit/large-object-allocation.js

v8-dev mailing list
http://groups.google.com/group/v8-dev
