Comment #3 on issue 2433 by [email protected]: Array access past length leads to reading uninitialized data after transition to FAST_DOUBLE_ELEMENTS
http://code.google.com/p/v8/issues/detail?id=2433
That's what I expected the problem to be indeed. Thanks for finding yet another untested boundary case...
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
