projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0f5b5dd) | patch
Out of bounds memory access in TestJSArrayForAllocationSiteInfo.
authormvstanton@chromium.org <mvstanton@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 21 Jan 2013 12:26:29 +0000 (12:26 +0000)
committermvstanton@chromium.org <mvstanton@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 21 Jan 2013 12:26:29 +0000 (12:26 +0000)
commitd7d917e6f0848941447e9be7fa5317e6501a3c82
treeb790ccb4e40ee46e246e1cf718d23cb621c7b039tree | snapshot
parent0f5b5dd3115ab599a8d953fd625f03efae5036fbcommit | diff
Out of bounds memory access in TestJSArrayForAllocationSiteInfo.

The function intended to check the map pointer of an AllocationSiteInfo object, but neglected to
subtract an offset to do so.

BUG=169928

Review URL: https://codereview.chromium.org/11931037

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
src/arm/macro-assembler-arm.cc diff | blob | history
src/ia32/macro-assembler-ia32.cc diff | blob | history
src/mips/macro-assembler-mips.cc diff | blob | history
src/x64/macro-assembler-x64.cc diff | blob | history
test/cctest/test-heap.cc diff | blob | history
test/mjsunit/allocation-site-info.js diff | blob | history
Domain: Web Framework / Web Engine;