| Index: src/js/harmony-array.js
|
| diff --git a/src/js/harmony-array.js b/src/js/harmony-array.js
|
| index d100c0dbea4d17b5638639f9d519a70250030ab8..20e5e78205cfa98608e68b6b38a347f7ca203170 100644
|
| --- a/src/js/harmony-array.js
|
| +++ b/src/js/harmony-array.js
|
| @@ -11,6 +11,7 @@
|
| // -------------------------------------------------------------------
|
| // Imports
|
|
|
| +var AddIndexedProperty;
|
| var FLAG_harmony_tolength;
|
| var GetIterator;
|
| var GetMethod;
|
| @@ -23,6 +24,7 @@ var ObjectIsFrozen;
|
| var ObjectDefineProperty;
|
|
|
| utils.Import(function(from) {
|
| + AddIndexedProperty = from.AddIndexedProperty;
|
| FLAG_harmony_tolength = from.FLAG_harmony_tolength;
|
| GetIterator = from.GetIterator;
|
| GetMethod = from.GetMethod;
|
| @@ -182,7 +184,7 @@ function ArrayFill(value, start, end) {
|
|
|
| function AddArrayElement(constructor, array, i, value) {
|
| if (constructor === GlobalArray) {
|
| - %AddElement(array, i, value);
|
| + AddIndexedProperty(array, i, value);
|
| } else {
|
| ObjectDefineProperty(array, i, {
|
| value: value, writable: true, configurable: true, enumerable: true
|
|
|
Chromium Code Reviews
Issue 1420663003:
Avoid calling %AddElement with a number out of array index range (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master