Compare external pixel data length against Smi::kMaxValue

BUG=chromium:359802
LOG=n
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/226133002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/api.cc

@@ -3741,8 +3741,7 @@ void v8::Object::SetIndexedPropertiesToPixelData(uint8_t* data, int length) {
   ON_BAILOUT(isolate, "v8::SetElementsToPixelData()", return);
   ENTER_V8(isolate);
   i::HandleScope scope(isolate);
-  if (!Utils::ApiCheck(length >= 0 &&
-                       length <= i::ExternalUint8ClampedArray::kMaxLength,
+  if (!Utils::ApiCheck(length >= 0 && length <= i::Smi::kMaxValue,
                        "v8::Object::SetIndexedPropertiesToPixelData()",
                        "length exceeds max acceptable value")) {
     return;
@@ -3798,7 +3797,7 @@ void v8::Object::SetIndexedPropertiesToExternalArrayData(
   ON_BAILOUT(isolate, "v8::SetIndexedPropertiesToExternalArrayData()", return);
   ENTER_V8(isolate);
   i::HandleScope scope(isolate);
-  if (!Utils::ApiCheck(length >= 0 && length <= i::ExternalArray::kMaxLength,
+  if (!Utils::ApiCheck(length >= 0 && length <= i::Smi::kMaxValue,
                        "v8::Object::SetIndexedPropertiesToExternalArrayData()",
                        "length exceeds max acceptable value")) {
     return;

src/objects.h

@@ -4700,9 +4700,6 @@ class ExternalArray: public FixedArrayBase {
   // Casting.
   static inline ExternalArray* cast(Object* obj);
 
-  // Maximal acceptable length for an external array.
-  static const int kMaxLength = 0x3fffffff;
-
   // ExternalArray headers are not quadword aligned.
   static const int kExternalPointerOffset =
       POINTER_SIZE_ALIGN(FixedArrayBase::kLengthOffset + kPointerSize);