From 9f04c321d7d390c3006ced0b3cfd2f2ceb50a13e Mon Sep 17 00:00:00 2001
From: "sanjoy@chromium.org"
Date: Mon, 16 Jul 2012 13:00:57 +0000
Subject: [PATCH] Fix off-by-one-pointer error in an ASSERT inside DeferredHandles::Iterate.
This will crash v8 in debug mode if the compilation prologue allocates an exact multiple of kHandleBlockSize handles.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10689191
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12095 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/api.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/api.cc b/src/api.cc
index 4b1a3a1..72dfc64 100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -6514,7 +6514,7 @@ void DeferredHandles::Iterate(ObjectVisitor* v) {
 ASSERT(!blocks_.is_empty());
 ASSERT((first_block_limit_ >= blocks_.first()) &&
- (first_block_limit_ < &(blocks_.first())[kHandleBlockSize]));
+ (first_block_limit_ <= &(blocks_.first())[kHandleBlockSize]));
 v->VisitPointers(blocks_.first(), first_block_limit_);
-- 
2.7.4
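Review bot: The relaxed bound on the `+` line reads like an off-by-one to anyone who does not know that `first_block_limit_` is an exclusive end, so the ASSERT deserves a comment saying that the half-open range `[blocks_.first(), first_block_limit_)` is what VisitPointers consumes on the next line and that the limit legitimately equals one-past-the-end when the first block is completely full; without it the next reader may tighten it back to `<`. Something like `// first_block_limit_ is an exclusive end: a full first block makes it one past the last slot.` above the ASSERT would do. The one-past-the-end pointer is spelled `&(blocks_.first())[kHandleBlockSize]`, which forms it through a subscript; `blocks_.first() + kHandleBlockSize` names the same pointer without the nominal dereference and is the conventional spelling. The remainder of DeferredHandles::Iterate lies outside the hunk, and since ASSERT is debug-only this invariant is presumably not checked in release builds, so the comment is the only guard a release reader gets.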