Commit 5f6f4d96 authored by danno@chromium.org's avatar danno@chromium.org

Add missing bounds check in FixedArray::set for smis

R=svenpanne@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7564010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent b05ff5e0
...@@ -1612,6 +1612,7 @@ Object* FixedArray::get(int index) { ...@@ -1612,6 +1612,7 @@ Object* FixedArray::get(int index) {
void FixedArray::set(int index, Smi* value) { void FixedArray::set(int index, Smi* value) {
ASSERT(map() != HEAP->fixed_cow_array_map()); ASSERT(map() != HEAP->fixed_cow_array_map());
ASSERT(index >= 0 && index < this->length());
ASSERT(reinterpret_cast<Object*>(value)->IsSmi()); ASSERT(reinterpret_cast<Object*>(value)->IsSmi());
int offset = kHeaderSize + index * kPointerSize; int offset = kHeaderSize + index * kPointerSize;
WRITE_FIELD(this, offset, value); WRITE_FIELD(this, offset, value);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment