projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8547d08)
Fix off-by-one-pointer error in an ASSERT inside DeferredHandles::Iterate.
authorsanjoy@chromium.org <sanjoy@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 16 Jul 2012 13:00:57 +0000 (13:00 +0000)
committersanjoy@chromium.org <sanjoy@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 16 Jul 2012 13:00:57 +0000 (13:00 +0000)
This will crash v8 in debug mode if the compilation prologue allocates
an exact multiple of kHandleBlockSize handles.

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10689191

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/api.cc patch | blob | history

diff --git a/src/api.cc b/src/api.cc
index 4b1a3a1..72dfc64 100644 (file)
--- a/src/api.cc
+++ b/src/api.cc
@@ -6514,7 +6514,7 @@ void DeferredHandles::Iterate(ObjectVisitor* v) {
   ASSERT(!blocks_.is_empty());
 
   ASSERT((first_block_limit_ >= blocks_.first()) &&
-         (first_block_limit_ < &(blocks_.first())[kHandleBlockSize]));
+         (first_block_limit_ <= &(blocks_.first())[kHandleBlockSize]));
 
   v->VisitPointers(blocks_.first(), first_block_limit_);
 
Domain: Web Framework / Web Engine;