From 6b1dd6b268415e0f652fe2a0d64088b2d72ce194 Mon Sep 17 00:00:00 2001
From: "yangguo@chromium.org"
Date: Thu, 28 Aug 2014 11:45:20 +0000
Subject: [PATCH] Fix rare access violation during JS heap serialization.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/510013002
Patch from Slava Chigrin .
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/serialize.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/serialize.cc b/src/serialize.cc
index 395e6fd..320ad75 100644
--- a/src/serialize.cc
+++ b/src/serialize.cc
@@ -1532,7 +1532,8 @@ void Serializer::ObjectSerializer::VisitPointers(Object** start,
 current_contents == current[-1]) {
 DCHECK(!serializer_->isolate()->heap()->InNewSpace(current_contents));
 int repeat_count = 1;
- while (current < end - 1 && current[repeat_count] == current_contents) {
+ while (¤t[repeat_count] < end - 1 &&
+ current[repeat_count] == current_contents) {
 repeat_count++;
 }
 current += repeat_count;
--
2.7.4
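Review bot: The new loop bound `&current[repeat_count] < end - 1` (shown on the page as `¤t[repeat_count]`, which looks like an extraction garble of `&current`) keeps the lookahead read in range, but it also stops one slot early, so the slot at `end - 1` is never folded into a repeat run. If that is deliberate, a comment above the loop such as `// Bound the lookahead slot rather than current: current is not advanced inside this loop.` would record why the old check did not protect the read. If it is not deliberate, `< end` looks like the tight limit, assuming `end` is one past the last slot, which the hunk does not show. The patch touches only src/serialize.cc and adds no regression test; a serializer test run under a memory checker would pin the out-of-range read. VisitPointers begins and ends outside the hunk, so the enclosing loop condition could not be checked.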