Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(136)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1515963002: Fix mix-up in HasEnumerableElements() (Closed)

Created:
5 years ago by Jakob Kummerow
Modified:
5 years ago
CC:
v8-reviews_googlegroups.com
Base URL:
https://chromium.googlesource.com/v8/v8.git@master
Target Ref:
refs/pending/heads/master
Project:
v8
Visibility:
Public.

Description

Fix mix-up in HasEnumerableElements() Only JSArrays ever have packed elements; holey elements can be on any kind of object. BUG=chromium:568525 LOG=n R=cbruni@chromium.org Committed: https://crrev.com/989f44f126f994bb8df6c49ab09ae7ab99fdc72c Cr-Commit-Position: refs/heads/master@{#32755}

Patch Set 1 #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+8 lines, -7 lines) Patch
M src/objects.cc View 2 chunks +5 lines, -5 lines 2 comments Download
A + test/mjsunit/regress/regress-crbug-568525.js View 1 chunk +3 lines, -2 lines 0 comments Download

Messages

Total messages: 11 (3 generated)
Jakob Kummerow
5 years ago (2015-12-10 14:26:55 UTC) #1
Camillo Bruni
lgtm
5 years ago (2015-12-10 14:30:07 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1515963002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1515963002/1
5 years ago (2015-12-10 14:30:22 UTC) #4
commit-bot: I haz the power
Committed patchset #1 (id:1)
5 years ago (2015-12-10 15:01:32 UTC) #5
commit-bot: I haz the power
Patchset 1 (id:??) landed as https://crrev.com/989f44f126f994bb8df6c49ab09ae7ab99fdc72c Cr-Commit-Position: refs/heads/master@{#32755}
5 years ago (2015-12-10 15:01:58 UTC) #7
Toon Verwaest
https://codereview.chromium.org/1515963002/diff/1/src/objects.cc File src/objects.cc (right): https://codereview.chromium.org/1515963002/diff/1/src/objects.cc#newcode7989 src/objects.cc:7989: int length = Smi::cast(JSArray::cast(object)->length())->value(); This is not guaranteed; sloppy ...
5 years ago (2015-12-10 21:15:54 UTC) #9
Toon Verwaest
5 years ago (2015-12-10 21:15:56 UTC) #10
Jakob Kummerow
5 years ago (2015-12-11 09:47:24 UTC) #11
Message was sent while issue was closed. 
https://codereview.chromium.org/1515963002/diff/1/src/objects.cc
File src/objects.cc (right):

https://codereview.chromium.org/1515963002/diff/1/src/objects.cc#newcode7989
src/objects.cc:7989: int length =
Smi::cast(JSArray::cast(object)->length())->value();
On 2015/12/10 21:15:54, Toon Verwaest wrote:
> This is not guaranteed; sloppy argument objects are not jsarrays but can be
> packed.

Thanks -> https://codereview.chromium.org/1517073003/

Powered by Google App Engine
This is Rietveld 408576698