-
Jakob Kummerow authored
The named LoadIC code was missing a check for "names" that convert to TypedArray indices. This was flushed out by the recent bump of the max TypedArray size from 2^32-1 to 2^32. Named StoreICs had the same bug; fixed here as well. Bug: v8:4153 Fixed: chromium:1104608 Change-Id: I6bd2552d6ccc238104f92e7b95d19970d4a75dae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2295606Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68840}
c90353e3
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
benchmarks | ||
cctest | ||
common | ||
debugger | ||
debugging | ||
fuzzer | ||
fuzzilli | ||
inspector | ||
intl | ||
js-perf-test | ||
memory | ||
message | ||
mjsunit | ||
mkgrokdump | ||
mozilla | ||
test262 | ||
torque | ||
unittests | ||
wasm-api-tests | ||
wasm-js | ||
wasm-spec-tests | ||
webkit | ||
BUILD.gn | ||
OWNERS |