Update V8 to r6122 (2.5 branch) as required by Chromium 9.0.597.55 Change-Id: Ia29dad551dd0cd7fa3c4d5084421f91d8b210271

commit: db5a90a88cfcddb042912799e872037c6548b8a3 [log] [tgz]
author: Ben Murdoch <benm@google.com> Thu Jan 06 18:27:03 2011 +0000
committer: Ben Murdoch <benm@google.com> Thu Jan 06 18:27:03 2011 +0000
tree: 9814507a4747f3a2a18f373136c8afc07833e296
parent: 84594822a6e163d90d09c0b2a1f0e6502adf4686 [diff] [blame]
diff --git a/src/arm/codegen-arm.cc b/src/arm/codegen-arm.cc
index 27e14df..06a4341 100644
--- a/src/arm/codegen-arm.cc
+++ b/src/arm/codegen-arm.cc

@@ -5672,6 +5672,12 @@
   __ tst(tmp2, Operand(kSmiTagMask));
   deferred->Branch(nz);
 
+  // Check that both indices are valid.
+  __ ldr(tmp2, FieldMemOperand(object, JSArray::kLengthOffset));
+  __ cmp(tmp2, index1);
+  __ cmp(tmp2, index2, hi);
+  deferred->Branch(ls);
+
   // Bring the offsets into the fixed array in tmp1 into index1 and
   // index2.
   __ mov(tmp2, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
commit	db5a90a88cfcddb042912799e872037c6548b8a3	[log] [tgz]
author	Ben Murdoch <benm@google.com>	Thu Jan 06 18:27:03 2011 +0000
committer	Ben Murdoch <benm@google.com>	Thu Jan 06 18:27:03 2011 +0000
tree	9814507a4747f3a2a18f373136c8afc07833e296
parent	84594822a6e163d90d09c0b2a1f0e6502adf4686 [diff] [blame]