Reviewers: Toon Verwaest,
Message:
PTAL. After looking at the crash in the 372579, I have two explanations:
- either std::sort is buggy
- or the storage array contains garbage.
The check in this CL eliminates the latter case.
Description:
Check that all properties are processed in NameDictionary::CopyEnumKeysTo.
BUG=372579
LOG=N
Please review this at https://codereview.chromium.org/306663002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+1, -0 lines):
M src/objects.cc
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index
19dcf1b1d86766185c28370b5a04d81388c909fd..1fee95b6b9a897615b25bcc36309a0a1206fdf6a
100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -16100,6 +16100,7 @@ void NameDictionary::CopyEnumKeysTo(FixedArray*
storage) {
if (properties == length) break;
}
}
+ CHECK_EQ(length, properties);
EnumIndexComparator cmp(this);
Smi** start = reinterpret_cast<Smi**>(storage->GetFirstElementAddress());
std::sort(start, start + length, cmp);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
