[runtime] Remove extra pointer from JSTypedArray layout.

We never read this pointer, and it could cause crashes when the GC inspects it. Bug: v8:6956 Change-Id: Ib493c2f0418de3e89975fd1f5a7e86cc66868ec7 Reviewed-on: https://chromium-review.googlesource.com/725331Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#48681}

[runtime] Remove extra pointer from JSTypedArray layout.
We never read this pointer, and it could cause crashes when the GC inspects it. Bug: v8:6956 Change-Id: Ib493c2f0418de3e89975fd1f5a7e86cc66868ec7 Reviewed-on: https://chromium-review.googlesource.com/725331Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#48681}
c7d1c7b7 · Peter Marshall · Commit Bot · 2d80e841 · c7d1c7b7
Commit c7d1c7b7 authored Oct 18, 2017 by Peter Marshall Committed by Commit Bot Oct 18, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

js-array.h src/objects/js-array.h +1 -1

No files found.
--- a/src/objects/js-array.h
+++ b/src/objects/js-array.h
@@ -306,7 +306,7 @@ class JSTypedArray : public JSArrayBufferView {
  DECL_PRINTER(JSTypedArray)
  DECL_VERIFIER(JSTypedArray)

-  static const int kLengthOffset = kViewSize + kPointerSize;
+  static const int kLengthOffset = kViewSize;
  static const int kSize = kLengthOffset + kPointerSize;

  static const int kSizeWithEmbedderFields =