| Index: src/runtime/runtime-typedarray.cc
|
| diff --git a/src/runtime/runtime-typedarray.cc b/src/runtime/runtime-typedarray.cc
|
| index 14368e58c6e796cae3e100c392037cd4869ca665..a82b71ddf283748d2136a17660d98e1a5bf341f6 100644
|
| --- a/src/runtime/runtime-typedarray.cc
|
| +++ b/src/runtime/runtime-typedarray.cc
|
| @@ -23,14 +23,16 @@ RUNTIME_FUNCTION(Runtime_ArrayBufferGetByteLength) {
|
|
|
| RUNTIME_FUNCTION(Runtime_ArrayBufferSliceImpl) {
|
| HandleScope scope(isolate);
|
| - DCHECK(args.length() == 3);
|
| + DCHECK(args.length() == 4);
|
| CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, source, 0);
|
| CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, target, 1);
|
| CONVERT_NUMBER_ARG_HANDLE_CHECKED(first, 2);
|
| + CONVERT_NUMBER_ARG_HANDLE_CHECKED(new_length, 3);
|
| RUNTIME_ASSERT(!source.is_identical_to(target));
|
| - size_t start = 0;
|
| + size_t start = 0, target_length = 0;
|
| RUNTIME_ASSERT(TryNumberToSize(isolate, *first, &start));
|
| - size_t target_length = NumberToSize(isolate, target->byte_length());
|
| + RUNTIME_ASSERT(TryNumberToSize(isolate, *new_length, &target_length));
|
| + RUNTIME_ASSERT(NumberToSize(isolate, target->byte_length()) >= target_length);
|
|
|
| if (target_length == 0) return isolate->heap()->undefined_value();
|
|
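Review bot: The number of bytes to copy is now taken from the caller-supplied argument 3 instead of from `target->byte_length()`, so the added `RUNTIME_ASSERT(NumberToSize(isolate, target->byte_length()) >= target_length);` is the only visible check keeping that length within the destination buffer, and it has no comment saying so. I would add above it `// new_length comes from the caller and may be smaller than target's byte length, but must never exceed it: it bounds the copy into target.` The body of Runtime_ArrayBufferSliceImpl continues past this hunk, so the source-side bound is not visible here. Please confirm the unchanged code still checks `start` and `target_length` against the source's byte length, presumably as a subtraction (`source_length - start >= target_length`) rather than a sum that could wrap. Since `target_length` no longer holds the target's length, a name such as `copy_length` would read more accurately, and `size_t start = 0, target_length = 0;` is better split into one declaration per line.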
|
|
|