From 88588df8c51669f3f78ca1d4e15cf87e6fccf5dd Mon Sep 17 00:00:00 2001
From: "sgjesse@chromium.org"
 <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Fri, 21 Aug 2009 08:44:21 +0000
Subject: [PATCH] Fix a GC issue.

When descriptor arrays where allocated with the initial map the handling of allocation failures was not correct. This could cause the map returned could possible have been collected.
Review URL: http://codereview.chromium.org/173188

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/heap.cc b/src/heap.cc
index 9b55e0724..e778c9625 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -2089,8 +2089,9 @@ Object* Heap::AllocateInitialMap(JSFunction* fun) {
     if (count > in_object_properties) {
       count = in_object_properties;
     }
-    DescriptorArray* descriptors = *Factory::NewDescriptorArray(count);
-    if (descriptors->IsFailure()) return descriptors;
+    Object* descriptors_obj = DescriptorArray::Allocate(count);
+    if (descriptors_obj->IsFailure()) return descriptors_obj;
+    DescriptorArray* descriptors = DescriptorArray::cast(descriptors_obj);
     for (int i = 0; i < count; i++) {
       String* name = fun->shared()->GetThisPropertyAssignmentName(i);
       ASSERT(name->IsSymbol());
-- 
2.34.1