Comment #2 on issue 2433 by [email protected]: Array access past length leads to reading uninitialized data after transition to FAST_DOUBLE_ELEMENTS
http://code.google.com/p/v8/issues/detail?id=2433

I can fix this test case by changing line 377 in CopyPackedSmiToDoubleElements(). Currently, it reads:

copy_size = from->length() - from_start;

but I believe it should read:

copy_size = packed_size - from_start;

since length() here is the capacity, not the actual length.

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
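
Added example, not part of the original comment and not V8 source: a simplified C++ model of the copy-size computation discussed above, counting how many source slots past the packed region each sizing reads. SmiStore, MakeStore, CopyToDoubles, kPoison and the NaN "hole" fill are hypothetical; the model assumes only what the comment states, that length() is the capacity and packed_size is the number of initialized elements.

```cpp
// Simplified model, not V8 source. All names are hypothetical.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Constructed marker standing in for memory that was never initialized.
constexpr int32_t kPoison = INT32_MIN;

struct SmiStore {
  std::vector<int32_t> slots;  // slots.size() is the capacity
  int packed_size;             // slots [0, packed_size) hold real values
  int length() const { return static_cast<int>(slots.size()); }
};

SmiStore MakeStore(int capacity, int packed_size) {
  SmiStore s{std::vector<int32_t>(capacity, kPoison), packed_size};
  for (int i = 0; i < packed_size; ++i) s.slots[i] = i + 1;
  return s;
}

struct CopyResult {
  std::vector<double> to;  // destination, pre-filled with NaN as a "hole"
  int stale_reads;         // source slots read at or past packed_size
};

// use_capacity=true sizes the copy as in the line quoted in the comment;
// use_capacity=false sizes it as in the proposed replacement.
CopyResult CopyToDoubles(const SmiStore& from, int from_start,
                         int to_capacity, bool use_capacity) {
  int copy_size = (use_capacity ? from.length() : from.packed_size) - from_start;
  if (copy_size < 0) copy_size = 0;
  if (copy_size > to_capacity) copy_size = to_capacity;
  CopyResult r{std::vector<double>(
                   to_capacity, std::numeric_limits<double>::quiet_NaN()), 0};
  for (int i = 0; i < copy_size; ++i) {
    if (from_start + i >= from.packed_size) ++r.stale_reads;
    r.to[i] = static_cast<double>(from.slots[from_start + i]);
  }
  return r;
}

int main() {
  SmiStore from = MakeStore(/*capacity=*/8, /*packed_size=*/3);
  std::printf("capacity-sized copy: %d stale reads\n",
              CopyToDoubles(from, 0, 8, true).stale_reads);
  std::printf("packed-sized copy:   %d stale reads\n",
              CopyToDoubles(from, 0, 8, false).stale_reads);
  return 0;
}
```

In the model, the capacity-sized copy converts every poison slot into a destination double, while the packed-sized copy leaves those destination slots as holes.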
