http://codereview.chromium.org/17418/diff/1/2 File src/factory.cc (right):
http://codereview.chromium.org/17418/diff/1/2#newcode823 Line 823: int num_keys = keys->length();

If num_keys is large then the instance size can grow beyond the maximum allowed 255 words. You should either limit the size of inobject properties so that the instance size does not overflow or just give up if the instance size gets too big. I know that there is a check before calling this method, but then it should at least be spelled out here. I would say rather safe than sorry.

http://codereview.chromium.org/17418

v8-dev mailing list: http://groups.google.com/group/v8-dev
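The two policies the reviewer proposes (clamp the in-object property count so the instance size cannot exceed the 255-word limit, or refuse the allocation outright) can be made explicit at the call site rather than relying on a check elsewhere. The following is an added illustration, not code from the V8 change under review; the header size of three words and the helper names are assumptions, and only the 255-word limit comes from the comment above.

```cpp
#include <cstdint>

// Assumed model of the object layout being sized in factory.cc:
// a fixed header (here: map, properties, elements) followed by one word per
// in-object property. The 255-word ceiling is the limit named in the review.
constexpr int kHeaderWords = 3;             // assumption for this example
constexpr int kMaxInstanceSizeWords = 255;  // limit quoted in the review comment

// Policy 1: clamp. Returns how many in-object property slots may be allocated
// for num_keys keys so that header + slots never exceeds the ceiling. Keys that
// do not fit would have to go into out-of-object storage instead.
int ClampedInObjectProperties(int num_keys) {
  if (num_keys < 0) return 0;  // defensive: never trust a negative count
  const int budget = kMaxInstanceSizeWords - kHeaderWords;
  return num_keys < budget ? num_keys : budget;
}

// Policy 2: give up. Returns the instance size in words, or -1 when the
// requested size would exceed the ceiling, so the caller can fall back or bail.
// The sum is computed in 64 bits so the addition itself cannot overflow int.
int InstanceSizeWordsOrFail(int num_keys) {
  if (num_keys < 0) return -1;
  const int64_t size = static_cast<int64_t>(kHeaderWords) + num_keys;
  if (size > kMaxInstanceSizeWords) return -1;
  return static_cast<int>(size);
}

// Stand-alone demonstration of both policies on a small and an oversized count.
int main() {
  int fits = InstanceSizeWordsOrFail(10);        // 13 words
  int refused = InstanceSizeWordsOrFail(1000);   // -1: too large
  int clamped = ClampedInObjectProperties(1000); // 252 slots
  return (fits == 13 && refused == -1 && clamped == 252) ? 0 : 1;
}
```

Whichever policy is chosen, the point of spelling the check out at the call site is that the limit is visible where the size is computed, so a later caller that skips the upstream check cannot silently produce an oversized instance.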
