X87: Bailout for large object allocations in full code EmitFastOneByteArrayJoin.

src/full-codegen/x87/full-codegen-x87.cc

Index: src/full-codegen/x87/full-codegen-x87.cc
diff --git a/src/full-codegen/x87/full-codegen-x87.cc b/src/full-codegen/x87/full-codegen-x87.cc
index bc389be2d3ca55bca386d555697e9e45b69055e6..6076c2322624846e7fb6933b87ecb5176a4e2580 100644
--- a/src/full-codegen/x87/full-codegen-x87.cc
+++ b/src/full-codegen/x87/full-codegen-x87.cc
@@ -4044,6 +4044,11 @@ void FullCodeGenerator::EmitFastOneByteArrayJoin(CallRuntime* expr) {
   __ j(overflow, &bailout);
 
   __ shr(string_length, 1);
+
+  // Bailout for large object allocations.
+  __ cmp(string_length, Page::kMaxRegularHeapObjectSize);
+  __ j(greater, &bailout);
+
   // Live registers and stack values:
   //   string_length
   //   elements