From: sgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Fri, 21 Aug 2009 08:44:21 +0000 (+0000)
Subject: Fix a GC issue.
X-Git-Tag: upstream/4.7.83~23415
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=88588df8c51669f3f78ca1d4e15cf87e6fccf5dd;p=platform%2Fupstream%2Fv8.git

Fix a GC issue.

When descriptor arrays where allocated with the initial map the handling of allocation failures was not correct. This could cause the map returned could possible have been collected.
Review URL: http://codereview.chromium.org/173188

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---

diff --git a/src/heap.cc b/src/heap.cc
index 9b55e07..e778c96 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -2089,8 +2089,9 @@ Object* Heap::AllocateInitialMap(JSFunction* fun) {
     if (count > in_object_properties) {
       count = in_object_properties;
     }
-    DescriptorArray* descriptors = *Factory::NewDescriptorArray(count);
-    if (descriptors->IsFailure()) return descriptors;
+    Object* descriptors_obj = DescriptorArray::Allocate(count);
+    if (descriptors_obj->IsFailure()) return descriptors_obj;
+    DescriptorArray* descriptors = DescriptorArray::cast(descriptors_obj);
     for (int i = 0; i < count; i++) {
       String* name = fun->shared()->GetThisPropertyAssignmentName(i);
       ASSERT(name->IsSymbol());