| Index: src/ia32/full-codegen-ia32.cc
|
| ===================================================================
|
| --- src/ia32/full-codegen-ia32.cc (revision 6016)
|
| +++ src/ia32/full-codegen-ia32.cc (working copy)
|
| @@ -3108,6 +3108,13 @@
|
| __ test(temp, Immediate(kSmiTagMask));
|
| __ j(not_zero, &slow_case);
|
|
|
| + // Check that both indices are valid.
|
| + __ mov(temp, FieldOperand(object, JSArray::kLengthOffset));
|
| + __ cmp(temp, Operand(index_1));
|
| + __ j(below_equal, &slow_case);
|
| + __ cmp(temp, Operand(index_2));
|
| + __ j(below_equal, &slow_case);
|
| +
|
| // Bring addresses into index1 and index2.
|
| __ lea(index_1, CodeGenerator::FixedArrayElementOperand(elements, index_1));
|
| __ lea(index_2, CodeGenerator::FixedArrayElementOperand(elements, index_2));
|
|
|
Chromium Code Reviews
Issue 5686006:
Add array bound checks to code generated for SwapElements. This fixes a bug t... (Closed)
Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/