Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(853)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/objects.cc

Issue 1337943005: Fix initialization order (setup) for JSArrayBuffer objects. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index 50551dba8f20663be82a149bbb59ec6d80757381..f1673353232d13026ebe759d51f89b0829fa4a5f 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -16132,7 +16132,6 @@ void JSArrayBuffer::Setup(Handle<JSArrayBuffer> array_buffer, Isolate* isolate,
for (int i = 0; i < v8::ArrayBuffer::kInternalFieldCount; i++) {
array_buffer->SetInternalField(i, Smi::FromInt(0));
}
- array_buffer->set_backing_store(data);
array_buffer->set_bit_field(0);
array_buffer->set_is_external(is_external);
array_buffer->set_is_neuterable(shared == SharedFlag::kNotShared);
@@ -16142,6 +16141,11 @@ void JSArrayBuffer::Setup(Handle<JSArrayBuffer> array_buffer, Isolate* isolate,
isolate->factory()->NewNumberFromSize(allocated_length);
CHECK(byte_length->IsSmi() || byte_length->IsHeapNumber());
array_buffer->set_byte_length(*byte_length);
+ // Initialize backing store at last to avoid handling of |JSArrayBuffers| that
+ // are currently being constructed in the |ArrayBufferTracker|. The
+ // registration method below handles the case of registering a buffer that has
+ // already been promoted.
+ array_buffer->set_backing_store(data);
if (data && !is_external) {
isolate->heap()->RegisterNewArrayBuffer(*array_buffer);
@@ -16191,8 +16195,15 @@ Handle<JSArrayBuffer> JSTypedArray::MaterializeArrayBuffer(
void* backing_store =
isolate->array_buffer_allocator()->AllocateUninitialized(
fixed_typed_array->DataSize());
- buffer->set_backing_store(backing_store);
buffer->set_is_external(false);
+ Handle<Object> byte_length =
Michael Lippautz 2015/09/14 10:35:30 Not sure about this one, but I guess we should pro
jochen (gone - plz use gerrit) 2015/09/14 10:41:55 the length should already be set correctly at that
Michael Lippautz 2015/09/14 11:03:10 Replaced with a DCHECK as discussed offline.
+ isolate->factory()->NewNumberFromSize(fixed_typed_array->DataSize());
+ buffer->set_byte_length(byte_length);
+ // Initialize backing store at last to avoid handling of |JSArrayBuffers| that
+ // are currently being constructed in the |ArrayBufferTracker|. The
+ // registration method below handles the case of registering a buffer that has
+ // already been promoted.
+ buffer->set_backing_store(backing_store);
isolate->heap()->RegisterNewArrayBuffer(*buffer);
memcpy(buffer->backing_store(),
fixed_typed_array->DataPtr(),
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698