Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(78)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 11777014: Fix missing exception check in typed array constructor. (Closed)

Created:
7 years, 11 months ago by Michael Starzinger
Modified:
7 years, 11 months ago
Reviewers:
Toon Verwaest
CC:
v8-dev
Visibility:
Public.

Description

Fix missing exception check in typed array constructor. The typed array constructor might fail if the first argument is an object with a length property. Accessing the property can cause an exception to be thrown and an explicit check needs to be performed. R=verwaest@chromium.org BUG=chromium:168545 TEST=mjsunit/regress/regress-crbug-168545.js Committed: http://code.google.com/p/v8/source/detail?r=13325

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+6 lines, -7 lines) Patch
M src/d8.cc View 1 chunk +3 lines, -2 lines 0 comments Download
A + test/mjsunit/regress/regress-crbug-168545.js View 2 chunks +3 lines, -5 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
Michael Starzinger
7 years, 11 months ago (2013-01-07 13:19:51 UTC) #1
Toon Verwaest
LGTM. Copying the elements is still broken though: var o = [1,2,3]; Object.defineProperty(o, "1", { ...
7 years, 11 months ago (2013-01-07 13:50:07 UTC) #2
Michael Starzinger
7 years, 11 months ago (2013-01-07 13:55:33 UTC) #3 
You are right, nice catch. I'll tackle that in a separate CL though.

Powered by Google App Engine
This is Rietveld 408576698