| Index: src/stub-cache.cc
|
| diff --git a/src/stub-cache.cc b/src/stub-cache.cc
|
| index 6b41577ea860cde740974881832d9e82e54ae4d6..e6df1b49e31c9b4fda64dff511608bb7bc1e6a50 100644
|
| --- a/src/stub-cache.cc
|
| +++ b/src/stub-cache.cc
|
| @@ -988,6 +988,7 @@ Object* StoreInterceptorProperty(Arguments args) {
|
|
|
| Object* KeyedLoadPropertyWithInterceptor(Arguments args) {
|
| JSObject* receiver = JSObject::cast(args[0]);
|
| + ASSERT(Smi::cast(args[1])->value() >= 0);
|
| uint32_t index = Smi::cast(args[1])->value();
|
| return receiver->GetElementWithInterceptor(receiver, index);
|
| }
|
|
|
Chromium Code Reviews
Issue 3520006:
Do not invoke indexed interceptor getters for negative indices. (Closed)
