From 4b6ada0f55741f5d731fa788732e98657ca7b2bd Mon Sep 17 00:00:00 2001
From: "yurys@chromium.org"
Date: Fri, 20 Dec 2013 07:33:22 +0000
Subject: [PATCH] Avoid SLOW_ASSERT when calling HeapGraphNode::GetChildrenCount

It may occur that GetChildrenCount is called on the node which has no children and stored last in the internal nodes array. In that case HeapEntry::children_arr() would fail when taking address of the element at index children_index_ which is past the last element in the children's array.

BUG=None
LOG=N
R=alph@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/112623005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap-snapshot-generator-inl.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/heap-snapshot-generator-inl.h b/src/heap-snapshot-generator-inl.h
index 43002d2..582de32 100644
--- a/src/heap-snapshot-generator-inl.h
+++ b/src/heap-snapshot-generator-inl.h
@@ -59,7 +59,10 @@ int HeapEntry::set_children_index(int index) {
 HeapGraphEdge** HeapEntry::children_arr() {
 ASSERT(children_index_ >= 0);
- return &snapshot_->children()[children_index_];
+ SLOW_ASSERT(children_index_ < snapshot_->children().length() ||
+ (children_index_ == snapshot_->children().length() &&
+ children_count_ == 0));
+ return &snapshot_->children().first() + children_index_;
 }
--
2.7.4
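Review bot: The new SLOW_ASSERT in children_arr() checks only where the child range starts, not that it fits: a node whose children_index_ is in bounds but whose children_index_ + children_count_ exceeds children().length() still passes, and a caller walking children_count_ edges from the returned pointer would read past the array. If children_count_ is never negative, the single condition `SLOW_ASSERT(children_index_ + children_count_ <= snapshot_->children().length());` expresses the whole invariant and also covers the one-past-the-end case this commit fixes. Separately, the `.first()` call on the new return line is defined outside this hunk; if it asserts on an empty list, a snapshot with no edges at all would still trip a debug check for the same reason the old `operator[]` did, so it is worth confirming against the list type. Both checks compile out of release builds, so in release the bounds of the returned pointer rest entirely on the caller's invariant.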