Off-by-one error in zapping objects after right trimming.

author verwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>

Mon, 1 Oct 2012 09:48:07 +0000 (09:48 +0000)

committer verwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>

Mon, 1 Oct 2012 09:48:07 +0000 (09:48 +0000)
author verwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 1 Oct 2012 09:48:07 +0000 (09:48 +0000)
committer verwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 1 Oct 2012 09:48:07 +0000 (09:48 +0000)
diff --git a/src/objects.cc b/src/objects.cc

index e772d54..c37a4a8 100644 (file)
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -2176,11 +2176,13 @@ enum RightTrimMode { FROM_GC, FROM_MUTATOR };
  static void ZapEndOfFixedArray(Address new_end, int to_trim) {
    // If we are doing a big trim in old space then we zap the space.
    Object** zap = reinterpret_cast<Object**>(new_end);
+  zap++;  // Header of filler must be at least one word so skip that.
    for (int i = 1; i < to_trim; i++) {
      *zap++ = Smi::FromInt(0);
    }
  }
  
+
  template<RightTrimMode trim_mode>
  static void RightTrimFixedArray(Heap* heap, FixedArray* elms, int to_trim) {
    ASSERT(elms->map() != HEAP->fixed_cow_array_map());
author	verwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Mon, 1 Oct 2012 09:48:07 +0000 (09:48 +0000)
committer	verwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Mon, 1 Oct 2012 09:48:07 +0000 (09:48 +0000)