projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a4d836) | patch
Fix cluster-fuzz found regression with d8 Workers
authorbinji <binji@chromium.org>
Wed, 8 Jul 2015 17:57:49 +0000 (10:57 -0700)
committerCommit bot <commit-bot@chromium.org>
Wed, 8 Jul 2015 17:58:00 +0000 (17:58 +0000)
commit54920cd2f08549130e363b5bc801424a8eecc7d2
treeb701508df6e31f5eb68455df90761674fc832521tree | snapshot
parent4a4d83683dff9d2fc6bd17aa1f10d6104077467dcommit | diff
Fix cluster-fuzz found regression with d8 Workers

This one occurred when serializing an object. When the property getter threw an
exception, that value was skipped, but the property count wasn't updated. The
deserializer then tried to deserialize the wrong value.

BUG=chromium:506549
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1220193004

Cr-Commit-Position: refs/heads/master@{#29541}
src/d8.cc diff | blob | history
test/mjsunit/regress/regress-crbug-506549.js [new file with mode: 0644] blob
Domain: Web Framework / Web Engine;