review.tizen.org Git - platform/upstream/v8.git/commit

projects / platform / upstream / v8.git / commit

author	jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Tue, 6 Sep 2011 14:07:54 +0000 (14:07 +0000)
committer	jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Tue, 6 Sep 2011 14:07:54 +0000 (14:07 +0000)
commit	09c66d20cef15dcf3429faa943cc9ca5b242a4e2
tree	49555e48480bf7c4724166ea6bedfba3bc1f98b8	tree \| snapshot
parent	df9d8ee8be72a758ecb623c1caef880e1798271f	commit \| diff

Fix possible crash in FixedDoubleArray::Initialize()

(this only affected ia32).

BUG=95113
TEST=mjsunit/regress/regress-95113.js passes without crashing.

Review URL: http://codereview.chromium.org/7833040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9153 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/objects-inl.h		diff \| blob \| history
test/mjsunit/regress/regress-95113.js	[new file with mode: 0644]	blob

Domain: Web Framework / Web Engine;

RSS Atom