Reviewers: Mads Ager,

Description:
Fix memory corruption in JSFunctionResultCache::Clear.


Please review this at http://codereview.chromium.org/4220002/show

SVN Base: http://v8.googlecode.com/svn/branches/2.4/

Affected files:
  M     src/objects-inl.h
  M     src/version.cc


Index: src/objects-inl.h
===================================================================
--- src/objects-inl.h   (revision 5738)
+++ src/objects-inl.h   (working copy)
@@ -1923,7 +1923,9 @@
 void JSFunctionResultCache::Clear() {
   int cache_size = Smi::cast(get(kCacheSizeIndex))->value();
Object** entries_start = RawField(this, OffsetOfElementAt(kEntriesIndex));
-  MemsetPointer(entries_start, Heap::the_hole_value(), cache_size);
+  MemsetPointer(entries_start,
+                Heap::the_hole_value(),
+                cache_size - kEntriesIndex);
   MakeZeroSize();
 }
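Review bot: The new count `cache_size - kEntriesIndex` is still handed to MemsetPointer unchecked, so a size slot that is smaller than kEntriesIndex (negative count) or larger than the backing array would corrupt memory just as silently as the old code did; a debug assertion would turn that class of bug into a failure at the point of damage. Something like `ASSERT(cache_size >= kEntriesIndex && cache_size <= length());` before the memset would do, assuming this file's ASSERT macro and the FixedArray `length()` accessor are in scope here (confirm against the surrounding file). The fix also relies on kCacheSizeIndex holding an index into the array rather than an entry count, which is only inferable from the subtraction; a one-line comment would save the next reader the same detective work, e.g. `// kCacheSizeIndex stores an array index, not an entry count, so the header slots before kEntriesIndex are excluded.`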

Index: src/version.cc
===================================================================
--- src/version.cc      (revision 5738)
+++ src/version.cc      (working copy)
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     2
 #define MINOR_VERSION     4
 #define BUILD_NUMBER      9
-#define PATCH_LEVEL       10
+#define PATCH_LEVEL       11
 #define CANDIDATE_VERSION false

 // Define SONAME to have the SCons build the put a specific SONAME into the

