http://codereview.chromium.org/9114050/diff/9004/src/d8.cc
File src/d8.cc (right):

http://codereview.chromium.org/9114050/diff/9004/src/d8.cc#newcode399
src/d8.cc:399: if (offset + (length * element_size) > array_buffer_length) {
On 2012/01/11 13:54:27, Jakob wrote:
You need an equivalent check (offset > array_buffer_length) in the args.Length() == 2 case.

Done.

http://codereview.chromium.org/9114050/diff/9004/src/d8.cc#newcode407
src/d8.cc:407: String::New("ArrayBuffer minus the byteOffset must be a "
On 2012/01/11 13:54:27, Jakob wrote:
nit: s/ArrayBuffer/ArrayBuffer length/

Done.

http://codereview.chromium.org/9114050/diff/9004/src/d8.cc#newcode456
src/d8.cc:456: return result;
On 2012/01/11 13:54:27, Jakob wrote:
nit: you don't need this line, could return directly instead (as the next couple of functions do).

Done.

http://codereview.chromium.org/9114050/diff/9004/test/mjsunit/external-array.js
File test/mjsunit/external-array.js (right):

http://codereview.chromium.org/9114050/diff/9004/test/mjsunit/external-array.js#newcode75
test/mjsunit/external-array.js:75: new Uint32Array(ab,13);
On 2012/01/11 13:54:27, Jakob wrote:
s/13/16/ to avoid triggering the "offset must be multiple of element size" code path.

Done.

http://codereview.chromium.org/9114050/diff/9004/test/mjsunit/external-array.js#newcode81
test/mjsunit/external-array.js:81: function abfunc5() {
On 2012/01/11 13:54:27, Jakob wrote:
nit: AFAICS, abfunc5 and abfunc2 test the same thing.

Done.

http://codereview.chromium.org/9114050/

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
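
The checks discussed in this review (offset alignment, offset against the buffer length in the two-argument form, and offset plus length against the buffer length), written as one stand-alone validator. This is an added example, not code from this CL or from d8.cc; `ViewArgs`, `ViewCheck`, `NaiveExceeds`, `ValidateView` and `Check` are hypothetical names, the use of `size_t` is an assumption, and the example goes one step beyond the thread by avoiding the `length * element_size` product so it cannot wrap.

```cpp
#include <cstddef>
#include <cstdint>

enum class ViewCheck {
  kOk, kUnalignedOffset, kOffsetOutOfRange, kUnalignedRemainder, kLengthOutOfRange
};

// Hypothetical argument bundle; has_length == false models the two-argument
// constructor form, e.g. new Uint32Array(ab, 16).
struct ViewArgs {
  size_t buffer_length;  // bytes in the backing ArrayBuffer
  size_t element_size;   // bytes per element, must be non-zero
  size_t offset;         // byteOffset argument
  bool has_length;
  size_t length;         // element count, read only when has_length is true
};

// The comparison quoted in the review, transcribed with size_t (an assumption:
// the page does not show the types d8.cc uses). The product can wrap.
bool NaiveExceeds(const ViewArgs& a) {
  return a.offset + (a.length * a.element_size) > a.buffer_length;
}

// Validates the view and stores the resulting element count in *out_length.
ViewCheck ValidateView(const ViewArgs& a, size_t* out_length) {
  if (a.offset % a.element_size != 0) return ViewCheck::kUnalignedOffset;
  // Needed in both forms, so that the subtraction below cannot underflow.
  if (a.offset > a.buffer_length) return ViewCheck::kOffsetOutOfRange;
  const size_t remaining = a.buffer_length - a.offset;
  if (!a.has_length) {
    // Typed Array rule: the bytes after byteOffset must divide evenly.
    if (remaining % a.element_size != 0) return ViewCheck::kUnalignedRemainder;
    *out_length = remaining / a.element_size;
    return ViewCheck::kOk;
  }
  // Divide instead of multiply: length * element_size is never computed.
  if (a.length > remaining / a.element_size) return ViewCheck::kLengthOutOfRange;
  *out_length = a.length;
  return ViewCheck::kOk;
}

// Small wrapper so a caller (or a test) can check one case in one call.
ViewCheck Check(size_t buf, size_t elem, size_t off, bool has_len, size_t len) {
  size_t ignored = 0;
  return ValidateView(ViewArgs{buf, elem, off, has_len, len}, &ignored);
}
```

The buffer sizes used to exercise it are constructed values, not taken from external-array.js.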
