[cloneobjectic] initialize property array before filling it
This avoids leaving the heap in an invalid state if a GC occurs during population of the cloned property array, as is done in other IC builtins.

BUG=chromium:904167, v8:7611
R=jkummerow@chromium.org, ishell@chromium.org

Change-Id: I0350ed2d65b72e299f7109b7d5aa86331f60e940
Reviewed-on: https://chromium-review.googlesource.com/c/1350282
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57879}