Off-by-one error in zapping objects after right trimming.

Review URL: https://chromiumcodereview.appspot.com/11013012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/objects.cc

@@ -2176,11 +2176,13 @@ enum RightTrimMode { FROM_GC, FROM_MUTATOR };
 static void ZapEndOfFixedArray(Address new_end, int to_trim) {
   // If we are doing a big trim in old space then we zap the space.
   Object** zap = reinterpret_cast<Object**>(new_end);
+  zap++;  // Header of filler must be at least one word so skip that.
   for (int i = 1; i < to_trim; i++) {
     *zap++ = Smi::FromInt(0);
   }
 }
 
+
 template<RightTrimMode trim_mode>
 static void RightTrimFixedArray(Heap* heap, FixedArray* elms, int to_trim) {
   ASSERT(elms->map() != HEAP->fixed_cow_array_map());