LGTM 2009/3/4 <[email protected]>: > Reviewers: Erik Corry, > > Description: > Merge bleeding_edge revision 1419 to trunk. Fixes a GC unsafety that > can lead to a crash. > > Please review this at http://codereview.chromium.org/40110 > > SVN Base: http://v8.googlecode.com/svn/trunk/ > > Affected files: > M src/api.cc > M src/objects.cc > > > Index: src/api.cc > =================================================================== > --- src/api.cc (revision 1419) > +++ src/api.cc (working copy) > @@ -2185,7 +2185,7 @@ > > > const char* v8::V8::GetVersion() { > - return "1.0.3.2"; > + return "1.0.3.3"; > } > > > Index: src/objects.cc > =================================================================== > --- src/objects.cc (revision 1419) > +++ src/objects.cc (working copy) > @@ -4880,6 +4880,7 @@ > > > void JSArray::EnsureSize(int required_size) { > + Handle<JSArray> self(this); > ASSERT(HasFastElements()); > if (elements()->length() >= required_size) return; > Handle<FixedArray> old_backing(elements()); > @@ -4888,8 +4889,9 @@ > // constantly growing. > int new_size = required_size + (required_size >> 3); > Handle<FixedArray> new_backing = Factory::NewFixedArray(new_size); > + // Can't use this any more now because we may have had a GC! > for (int i = 0; i < old_size; i++) new_backing->set(i, > old_backing->get(i)); > - SetContent(*new_backing); > + self->SetContent(*new_backing); > } > > > > >
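Review bot: In the first src/objects.cc hunk (@@ -4880), `Handle<JSArray> self(this);` protects the receiver only inside this function, while EnsureSize is still an instance method called on a raw receiver, so nothing at the signature says it can allocate. I would either turn it into a static helper that takes a `Handle<JSArray>`, or add a comment at the declaration that it may trigger a GC and that callers must hold the array in a handle across the call. The unchanged `ASSERT(HasFastElements())` and `elements()` calls still go through the implicit `this`; they run before `Factory::NewFixedArray`, so they are fine, but routing them through `self->` as well would make the function uniformly handle-based and harder to break in a later edit.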
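Review bot: In the second src/objects.cc hunk (@@ -4888), the added comment "Can't use this any more now because we may have had a GC!" reads as an English pronoun rather than the C++ `this`, and it does not point the reader at the replacement. Something like "The raw 'this' pointer may be stale after the allocation above (GC); use 'self' from here on." states both the hazard and the rule. The list of affected files also shows only src/api.cc and src/objects.cc, so the merge carries no regression test for the crash; a test that grows a fast-elements array while forcing a GC during the backing-store allocation would keep the `self->SetContent(*new_backing)` change from being undone unnoticed.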
--
Erik Corry, Software Engineer
Google Denmark ApS. CVR nr. 28 86 69 84
c/o Philip & Partners, 7 Vognmagergade, P.O. Box 2227, DK-1018 Copenhagen K, Denmark.

v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
