projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 93c4352) | patch
Fix cluster-fuzz found regression in d8 Workers.
authorbinji <binji@chromium.org>
Mon, 29 Jun 2015 15:53:08 +0000 (08:53 -0700)
committerCommit bot <commit-bot@chromium.org>
Mon, 29 Jun 2015 15:53:22 +0000 (15:53 +0000)
commite291b78a8ef4f5898052c58cdd3e85e430d86202
tree991a585ef2a1565b894db16bd7711fda90d53d76tree | snapshot
parent93c43523eac8204ae84839a0470b3ee3fe52b3e2commit | diff
Fix cluster-fuzz found regression in d8 Workers.

This one occurs when Function.prototype.toString is overridden to return a
non-string.

BUG=chromium:504729
R=mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1214803004

Cr-Commit-Position: refs/heads/master@{#29351}
src/d8.cc diff | blob | history
test/mjsunit/regress/regress-crbug-504729.js [new file with mode: 0644] blob
Domain: Web Framework / Web Engine;