Chromium Code Reviews

Issue 7833040: Fix possible crash in FixedDoubleArray::Initialize() (Closed)

Created:
9 years, 3 months ago by Jakob Kummerow
Modified:
9 years, 3 months ago
Reviewers:
danno
CC:
v8-dev
Visibility:
Public.

Description

Fix possible crash in FixedDoubleArray::Initialize() (this only affected ia32).

BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.

Committed: http://code.google.com/p/v8/source/detail?r=9153

Patch Set 1

Total comments: 2

Patch Set 2 : address comment

Patch Set 3 : remove forgotten unused variable

Stats (+57 lines, -3 lines)
M src/objects-inl.h: 1 chunk, +9 lines, -3 lines, 0 comments
A test/mjsunit/regress/regress-95113.js: 1 chunk, +48 lines, -0 lines, 0 comments

Messages

Total messages: 4 (0 generated)
Jakob Kummerow
PTAL.
9 years, 3 months ago (2011-09-06 13:09:46 UTC) #1
danno
http://codereview.chromium.org/7833040/diff/1/src/objects-inl.h
File src/objects-inl.h (right):

http://codereview.chromium.org/7833040/diff/1/src/objects-inl.h#newcode1765
src/objects-inl.h:1765: WRITE_DOUBLE_FIELD(this, offset, hole_nan_as_double());
just do set(current, from->get(current)) and don't ...
9 years, 3 months ago (2011-09-06 13:22:13 UTC) #2
Jakob Kummerow
http://codereview.chromium.org/7833040/diff/1/src/objects-inl.h
File src/objects-inl.h (right):

http://codereview.chromium.org/7833040/diff/1/src/objects-inl.h#newcode1765
src/objects-inl.h:1765: WRITE_DOUBLE_FIELD(this, offset, hole_nan_as_double());
On 2011/09/06 13:22:13, danno wrote:
> ...
9 years, 3 months ago (2011-09-06 13:31:03 UTC) #3
danno
9 years, 3 months ago (2011-09-06 14:06:08 UTC) #4
LGTM
