[wasm-gc] Fix a bug in runtime array.copy

Bug: v8:7748 Change-Id: I1a9787514e105c70ab101aa035e6ee4ae2284ba3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041434Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#75844}

[wasm-gc] Fix a bug in runtime array.copy
Bug: v8:7748 Change-Id: I1a9787514e105c70ab101aa035e6ee4ae2284ba3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041434Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#75844}
e5bccf9b · Manos Koukoutos · V8 LUCI CQ · e312038d · e5bccf9b
Commit e5bccf9b authored Jul 20, 2021 by Manos Koukoutos Committed by V8 LUCI CQ Jul 21, 2021
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

runtime-wasm.cc src/runtime/runtime-wasm.cc +2 -1

No files found.
--- a/src/runtime/runtime-wasm.cc
+++ b/src/runtime/runtime-wasm.cc
@@ -663,7 +663,8 @@ RUNTIME_FUNCTION(Runtime_WasmArrayCopy) {
  CONVERT_UINT32_ARG_CHECKED(length, 4);
  bool overlapping_ranges =
      dst_array->ptr() == src_array->ptr() &&
-      (dst_index + length > src_index || src_index + length > dst_index);
+      (dst_index < src_index ? dst_index + length > src_index
+                             : src_index + length > dst_index);
  wasm::ValueType element_type = src_array->type()->element_type();
  if (element_type.is_reference()) {
    ObjectSlot dst_slot = dst_array->ElementSlot(dst_index);