Revision: 5739
Author: [email protected]
Date: Fri Oct 29 01:34:01 2010
Log: Fix memory corruption in JSFunctionResultCache::Clear.

Review URL: http://codereview.chromium.org/4108008
http://code.google.com/p/v8/source/detail?r=5739

Modified:
 /branches/2.3/src/objects-inl.h
 /branches/2.3/src/version.cc

=======================================
--- /branches/2.3/src/objects-inl.h     Fri Sep 24 03:24:53 2010
+++ /branches/2.3/src/objects-inl.h     Fri Oct 29 01:34:01 2010
@@ -1937,7 +1937,9 @@
 void JSFunctionResultCache::Clear() {
   int cache_size = Smi::cast(get(kCacheSizeIndex))->value();
Object** entries_start = RawField(this, OffsetOfElementAt(kEntriesIndex));
-  MemsetPointer(entries_start, Heap::the_hole_value(), cache_size);
+  MemsetPointer(entries_start,
+                Heap::the_hole_value(),
+                cache_size - kEntriesIndex);
   MakeZeroSize();
 }
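Review bot: The new count `cache_size - kEntriesIndex` is only right if the Smi stored at kCacheSizeIndex counts every slot of the backing array, header slots included, and nothing in the hunk states that invariant, so the original over-long memset past the last entry could be reintroduced by a later edit. A one-line comment above the call, `// cache_size counts the kEntriesIndex header slots too; reset only the entry slots.`, would pin it down, and `ASSERT(cache_size >= kEntriesIndex);` before the call would catch a corrupted or uninitialised size before it becomes a negative count (whether MemsetPointer tolerates a negative count depends on its loop bound, which is not visible here). The whole of JSFunctionResultCache::Clear() lies inside the hunk.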

=======================================
--- /branches/2.3/src/version.cc        Tue Oct 26 02:25:42 2010
+++ /branches/2.3/src/version.cc        Fri Oct 29 01:34:01 2010
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     2
 #define MINOR_VERSION     3
 #define BUILD_NUMBER      11
-#define PATCH_LEVEL       21
+#define PATCH_LEVEL       22
 #define CANDIDATE_VERSION false

 // Define SONAME to have the SCons build the put a specific SONAME into the
