Fix a GC issue.

When descriptor arrays where allocated with the initial map the handling of allocation failures was not correct. This could cause the map returned could possible have been collected.
Review URL: http://codereview.chromium.org/173188

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/heap.cc b/src/heap.cc
index 9b55e07..e778c96 100644 (file)
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -2089,8 +2089,9 @@ Object* Heap::AllocateInitialMap(JSFunction* fun) {
     if (count > in_object_properties) {
       count = in_object_properties;
     }
-    DescriptorArray* descriptors = *Factory::NewDescriptorArray(count);
-    if (descriptors->IsFailure()) return descriptors;
+    Object* descriptors_obj = DescriptorArray::Allocate(count);
+    if (descriptors_obj->IsFailure()) return descriptors_obj;
+    DescriptorArray* descriptors = DescriptorArray::cast(descriptors_obj);
     for (int i = 0; i < count; i++) {
       String* name = fun->shared()->GetThisPropertyAssignmentName(i);
       ASSERT(name->IsSymbol());