    Initialize internal fields in Factory::NewJSTypedArray and NewJSDataView. · 879f6599
    jbroman authored
    This was causing array buffer views created by ValueDeserializer to have
    uninitialized internal fields, which led to crashes in layout tests when
    Blink tried to read those fields.
    
    For array buffers, JSArrayBuffer::Setup is responsible for this logic
    (as well as initializing the V8 fields); this is similar to that.
    
    The runtime already seems to correctly initialize these for script-created
    array buffer views as well, which is why this issue was not detected sooner.
    
    Review-Url: https://codereview.chromium.org/2498413002
    Cr-Commit-Position: refs/heads/master@{#41014}
Name
benchmarks
build_overrides
docs
gni
gypfiles
include
infra
samples
src
test
testing
third_party
tools
.clang-format
.gitignore
.gn
.ycm_extra_conf.py
AUTHORS
BUILD.gn
CODE_OF_CONDUCT.md
ChangeLog
DEPS
LICENSE
LICENSE.fdlibm
LICENSE.strongtalk
LICENSE.v8
LICENSE.valgrind
Makefile
Makefile.android
OWNERS
PRESUBMIT.py
README.md
WATCHLISTS
codereview.settings
snapshot_toolchain.gni