Fixed crashes exposed though fuzzing.
The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set.
R=yangguo@chromium.org
TEST=test/mjsunit/regress/regress-320948.js
BUG=chromium:320948
LOG=Y
Review URL: https://codereview.chromium.org/
72813004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17886
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00