Reviewers: lrn_chomrium.org,
Description:
Use FixedArray::kMaxLength instead of incorrect FixedArray::kMaxSize.
Please review this at http://codereview.chromium.org/971001
Affected files:
M src/builtins.cc
Index: src/builtins.cc
diff --git a/src/builtins.cc b/src/builtins.cc
index
4166b7121d269c5d38091cccf1b753425f306b00..c921e1838813096cc55760bce7304b6b04ce7be7
100644
--- a/src/builtins.cc
+++ b/src/builtins.cc
@@ -752,10 +752,12 @@ BUILTIN(ArrayConcat) {
int receiver_len = Smi::cast(receiver_array->length())->value();
int arg_len = Smi::cast(arg_array->length())->value();
+ // FixedArrays lengths are limited by FixedArray::kMaxLength thus
+ // we should fit into a smi.
ASSERT(receiver_len <= (Smi::kMaxValue - arg_len));
int result_len = receiver_len + arg_len;
- if (result_len > FixedArray::kMaxSize) {
+ if (result_len > FixedArray::kMaxLength) {
return CallJsBuiltin("ArrayConcat", args);
}
if (result_len == 0) {
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
