Revision: 5741
Author: [email protected]
Date: Fri Oct 29 01:44:08 2010
Log: Fix memory corruption in JSFunctionResultCache::Clear.
Review URL: http://codereview.chromium.org/4220002
http://code.google.com/p/v8/source/detail?r=5741
Modified:
/branches/2.4/src/objects-inl.h
/branches/2.4/src/version.cc
=======================================
--- /branches/2.4/src/objects-inl.h Mon Oct 18 07:30:25 2010
+++ /branches/2.4/src/objects-inl.h Fri Oct 29 01:44:08 2010
@@ -1923,7 +1923,9 @@
void JSFunctionResultCache::Clear() {
int cache_size = Smi::cast(get(kCacheSizeIndex))->value();
Object** entries_start = RawField(this,
OffsetOfElementAt(kEntriesIndex));
- MemsetPointer(entries_start, Heap::the_hole_value(), cache_size);
+ MemsetPointer(entries_start,
+ Heap::the_hole_value(),
+ cache_size - kEntriesIndex);
MakeZeroSize();
}
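Review bot: The corrected count `cache_size - kEntriesIndex` is not guarded, so if the Smi stored at kCacheSizeIndex is ever below kEntriesIndex (an unrelated store, or an inconsistent `MakeZeroSize` elsewhere) the subtraction goes negative and MemsetPointer is handed a wrong length again; an `ASSERT(cache_size >= kEntriesIndex);` before the call pins the invariant the fix relies on. The code also leaves the reason for the subtraction unexplained, which is how the original overrun went unnoticed; a comment such as `// cache_size counts slots from the start of the array, so the entry region after the header is cache_size - kEntriesIndex slots long.` would document it — this reading of cache_size is inferred from the subtraction and should be confirmed against where kCacheSizeIndex is written. Clear's body is fully visible in the hunk; its callers are not.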
=======================================
--- /branches/2.4/src/version.cc Thu Oct 28 04:34:57 2010
+++ /branches/2.4/src/version.cc Fri Oct 29 01:44:08 2010
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 2
#define MINOR_VERSION 4
#define BUILD_NUMBER 9
-#define PATCH_LEVEL 10
+#define PATCH_LEVEL 11
#define CANDIDATE_VERSION false
// Define SONAME to have the SCons build the put a specific SONAME into the