projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b05ff5e)
Add missing bounds check in FixedArray::set for smis
authordanno@chromium.org <danno@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Wed, 3 Aug 2011 13:56:55 +0000 (13:56 +0000)
committerdanno@chromium.org <danno@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Wed, 3 Aug 2011 13:56:55 +0000 (13:56 +0000)
R=svenpanne@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7564010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/objects-inl.h patch | blob | history

diff --git a/src/objects-inl.h b/src/objects-inl.h
index e76bd04..0e76c9c 100644 (file)
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -1612,6 +1612,7 @@ Object* FixedArray::get(int index) {
 
 void FixedArray::set(int index, Smi* value) {
   ASSERT(map() != HEAP->fixed_cow_array_map());
+  ASSERT(index >= 0 && index < this->length());
   ASSERT(reinterpret_cast<Object*>(value)->IsSmi());
   int offset = kHeaderSize + index * kPointerSize;
   WRITE_FIELD(this, offset, value);
Domain: Web Framework / Web Engine;