Revision: 19407
Author: [email protected]
Date: Mon Feb 17 12:39:01 2014 UTC
Log: Fix heap snapshot crash when JSArrayBuffer has no backing_store.
LOG=N
BUG=344239
[email protected], [email protected]
Review URL: https://codereview.chromium.org/169393004
http://code.google.com/p/v8/source/detail?r=19407
Modified:
/branches/bleeding_edge/src/heap-snapshot-generator.cc
=======================================
--- /branches/bleeding_edge/src/heap-snapshot-generator.cc Thu Feb 13
15:31:39 2014 UTC
+++ /branches/bleeding_edge/src/heap-snapshot-generator.cc Mon Feb 17
12:39:01 2014 UTC
@@ -1464,6 +1464,8 @@
"weak_first_view", buffer->weak_first_view(),
JSArrayBuffer::kWeakFirstViewOffset);
// Setup a reference to a native memory backing_store object.
+ if (!buffer->backing_store())
+ return;
size_t data_size = NumberToSize(heap_->isolate(), buffer->byte_length());
CHECK(data_size <= static_cast<size_t>(kMaxInt));
HeapEntry* data_entry = AddEntry(
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
