Fix rare access violation during JS heap serialization.

R=yangguo@chromium.org Review URL: https://codereview.chromium.org/510013002 Patch from Slava Chigrin <vchigrin@yandex-team.ru>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix rare access violation during JS heap serialization.
R=yangguo@chromium.org Review URL: https://codereview.chromium.org/510013002 Patch from Slava Chigrin <vchigrin@yandex-team.ru>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23488 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
6b1dd6b2 · yangguo@chromium.org · 0b1e18c2 · 6b1dd6b2
Commit 6b1dd6b2 authored Aug 28, 2014 by yangguo@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

serialize.cc src/serialize.cc +2 -1

No files found.
--- a/src/serialize.cc
+++ b/src/serialize.cc
@@ -1532,7 +1532,8 @@ void Serializer::ObjectSerializer::VisitPointers(Object** start,
          current_contents == current[-1]) {
        DCHECK(!serializer_->isolate()->heap()->InNewSpace(current_contents));
        int repeat_count = 1;
-        while (current < end - 1 && current[repeat_count] == current_contents) {
+        while (&current[repeat_count] < end - 1 &&
+               current[repeat_count] == current_contents) {
          repeat_count++;
        }
        current += repeat_count;