Fix rare access violation during JS heap serialization.
authoryangguo@chromium.org <yangguo@chromium.org>
Thu, 28 Aug 2014 11:45:20 +0000 (11:45 +0000)
committeryangguo@chromium.org <yangguo@chromium.org>
Thu, 28 Aug 2014 11:45:20 +0000 (11:45 +0000)
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/510013002

Patch from Slava Chigrin <vchigrin@yandex-team.ru>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/serialize.cc

index 395e6fd..320ad75 100644 (file)
@@ -1532,7 +1532,8 @@ void Serializer::ObjectSerializer::VisitPointers(Object** start,
           current_contents == current[-1]) {
         DCHECK(!serializer_->isolate()->heap()->InNewSpace(current_contents));
         int repeat_count = 1;
-        while (current < end - 1 && current[repeat_count] == current_contents) {
+        while (&current[repeat_count] < end - 1 &&
+               current[repeat_count] == current_contents) {
           repeat_count++;
         }
         current += repeat_count;
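Review bot: The new bound `&current[repeat_count] < end - 1` correctly keeps the lookahead read inside the slot range (the old `current < end - 1` only bounded the loop start, so `current[repeat_count]` could walk past `end`), but it still stops one element short, so `end[-1]` is never folded into a repeat run. If that is deliberate, carrying over the intent of the old `end - 1` bound, a one-line comment such as `// Stop one slot early: the last slot is never part of a repeat run.` would spare the next reader from re-deriving it; if it is not, `current + repeat_count < end` is the bound that covers the whole range, and that is a behavior question the commit message does not answer. Stylistically, `current + repeat_count < end - 1` reads as the pointer arithmetic it is, whereas `&current[repeat_count]` looks like a dereference. The enclosing VisitPointers body starts and ends outside the hunk, so how repeat_count is capped and encoded after `current += repeat_count` is not visible here.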