projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 322a474)
Allow to neuter array buffer twice in tests.
authordslomov@chromium.org <dslomov@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Tue, 25 Mar 2014 12:55:10 +0000 (12:55 +0000)
committerdslomov@chromium.org <dslomov@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Tue, 25 Mar 2014 12:55:10 +0000 (12:55 +0000)
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/209083005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/runtime.cc patch | blob | history
test/mjsunit/neuter-twice.js [new file with mode: 0644] patch | blob

diff --git a/src/runtime.cc b/src/runtime.cc
index d68c8c4..35f4c94 100644 (file)
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -911,6 +911,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_ArrayBufferIsView) {
 RUNTIME_FUNCTION(MaybeObject*, Runtime_ArrayBufferNeuter) {
   HandleScope scope(isolate);
   CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, array_buffer, 0);
+  if (array_buffer->backing_store() == NULL) {
+    CHECK(Smi::FromInt(0) == array_buffer->byte_length());
+    return isolate->heap()->undefined_value();
+  }
   ASSERT(!array_buffer->is_external());
   void* backing_store = array_buffer->backing_store();
   size_t byte_length = NumberToSize(isolate, array_buffer->byte_length());
diff --git a/test/mjsunit/neuter-twice.js b/test/mjsunit/neuter-twice.js
new file mode 100644 (file)
index 0000000..3501cee
--- /dev/null
+++ b/test/mjsunit/neuter-twice.js
@@ -0,0 +1,9 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+var ab = new ArrayBuffer(100);
+%ArrayBufferNeuter(ab);
+%ArrayBufferNeuter(ab);
Domain: Web Framework / Web Engine;