c740616f92d7ff45c8dbe985fb3a288492fcec97 - fp2-dev/platform/external/chromium_org/v8

commit	c740616f92d7ff45c8dbe985fb3a288492fcec97	[log] [tgz]
author	danno@chromium.org <danno@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>	Mon Mar 26 09:46:02 2012 +0000
committer	danno@chromium.org <danno@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>	Mon Mar 26 09:46:02 2012 +0000
tree	a17e9b8ca104d08e19e305c8fc198125be6cc283
parent	b2a1c078e6f552a66c1426482a3d007b7ea7af7d [diff]

Merged r11133, r11134 into trunk branch.

Check double array bounds in HasElementImpl.

Fix missing write barrier in CopyObjectToObjectElements.

BUG=chromium:119925,chromium:119926

R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9856012

git-svn-id: http://v8.googlecode.com/svn/trunk@11136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/elements.cc[diff]
src/elements.h[diff]
src/objects.cc[diff]
src/version.cc[diff]
test/mjsunit/regress/regress-119925.js[Added - diff]
test/mjsunit/regress/regress-crbug-119926.js[Added - diff]

6 files changed

tree: a17e9b8ca104d08e19e305c8fc198125be6cc283

benchmarks/
build/
include/
preparser/
samples/
src/
test/
tools/
.gitignore
AUTHORS
ChangeLog
LICENSE
LICENSE.strongtalk
LICENSE.v8
LICENSE.valgrind
Makefile
SConstruct