Author: [email protected]
Date: Wed Mar 4 05:23:39 2009
New Revision: 1419
Modified:
branches/bleeding_edge/src/objects.cc
Log:
Put 'this' in a handle in EnsureSize to avoid crash caused by GC at
unlucky moment.
Review URL: http://codereview.chromium.org/40108
Modified: branches/bleeding_edge/src/objects.cc
==============================================================================
--- branches/bleeding_edge/src/objects.cc (original)
+++ branches/bleeding_edge/src/objects.cc Wed Mar 4 05:23:39 2009
@@ -4883,6 +4883,7 @@
void JSArray::EnsureSize(int required_size) {
+ Handle<JSArray> self(this);
ASSERT(HasFastElements());
if (elements()->length() >= required_size) return;
Handle<FixedArray> old_backing(elements());
@@ -4891,8 +4892,9 @@
// constantly growing.
int new_size = required_size + (required_size >> 3);
Handle<FixedArray> new_backing = Factory::NewFixedArray(new_size);
+ // Can't use this any more now because we may have had a GC!
for (int i = 0; i < old_size; i++) new_backing->set(i,
old_backing->get(i));
- SetContent(*new_backing);
+ self->SetContent(*new_backing);
}
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
