Reviewers: William Hesse

Description:
Put 'this' in a handle in EnsureSize to avoid crash caused by GC at unlucky moment.
Please review this at http://codereview.chromium.org/40108 SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/ Affected files: M src/objects.cc Index: src/objects.cc =================================================================== --- src/objects.cc (revision 1416) +++ src/objects.cc (working copy) @@ -4883,6 +4883,7 @@ void JSArray::EnsureSize(int required_size) { + Handle<JSArray> self(this); ASSERT(HasFastElements()); if (elements()->length() >= required_size) return; Handle<FixedArray> old_backing(elements()); @@ -4891,8 +4892,9 @@ // constantly growing. int new_size = required_size + (required_size >> 3); Handle<FixedArray> new_backing = Factory::NewFixedArray(new_size); + // Can't use this any more now because we may have had a GC! for (int i = 0; i < old_size; i++) new_backing->set(i, old_backing->get(i)); - SetContent(*new_backing); + self->SetContent(*new_backing); } --~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
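Review bot: The new self handle at the top of JSArray::EnsureSize (first hunk) has no comment saying why it exists, and nothing but convention stops a later edit from calling a member implicitly through this after the allocation. Suggest a one-line comment at the declaration stating that the allocation below can trigger a GC that moves the array, and consider moving the body into a helper that takes a Handle<JSArray> so that no raw this is in scope after Factory::NewFixedArray.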
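Review bot: The comment added after Factory::NewFixedArray(new_size) in the second hunk says what not to do but not what to use instead. Suggest wording it as "this may have been moved by GC; use self from here on" so the reason for self->SetContent(*new_backing) is clear at the call site. The patch touches only src/objects.cc, so a regression test that grows an array while a GC happens during the backing-store allocation would help keep the fix from being undone.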
