Updates:
Status: Fixed
Comment #3 on issue 21860 by whe...@chromium.org: tab crash on a particular
combination of array operations
http://code.google.com/p/chromium/issues/detail?id=21860
Fixed in V8 bleeding-edge revision 2900. Review at
http://codereview.chromium.org/195101. Unary negation
was creating a smi that was not zero-extended to 64 bits.
The use in Array.splice was not robust against this.
We fixed unary negation, and the use in Array.splice will
be made robust when we completely change the 64-bit smi encoding later this
week.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
