projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad03389) | patch
Use SetOwnElement when creating splice records in array length setter
authoradamk <adamk@chromium.org>
Fri, 19 Dec 2014 19:39:19 +0000 (11:39 -0800)
committerCommit bot <commit-bot@chromium.org>
Fri, 19 Dec 2014 19:39:35 +0000 (19:39 +0000)
commit1f1329d960fcd8bb21223cb0ed0825f9c5e89e21
tree99ed41e0bfc2ae762033b0b9350d44453397f02btree | snapshot
parentad033893d6eda241aba519226f7db49b053841cacommit | diff
Use SetOwnElement when creating splice records in array length setter

This avoids touching the Array prototype, which may have been tampered with.

BUG=chromium:443982
LOG=n

Review URL: https://codereview.chromium.org/820503005

Cr-Commit-Position: refs/heads/master@{#25908}
src/objects.cc diff | blob | history
test/mjsunit/es7/regress/regress-443982.js [new file with mode: 0644] blob
Domain: Web Framework / Web Engine;