commit | 879f6599eee6e1dfcbe9a24bf688b261c03e9558 | [log] [tgz] |
---|---|---|
author | jbroman <jbroman@chromium.org> | Tue Nov 15 22:42:40 2016 |
committer | Commit bot <commit-bot@chromium.org> | Tue Nov 15 22:43:19 2016 |
tree | 06a488063ea526ceb648f7c664e445708ab0b6d8 | |
parent | e80cfa000b5be9ee92b9fd95ebe63cb2da63c553 [diff] |
Initialize internal fields in Factory::NewJSTypedArray and NewJSDataView.

This was causing array buffer views created by ValueDeserializer to have uninitialized internal fields, which led to crashes in layout tests when Blink tried to read those fields.

For array buffers, JSArrayBuffer::Setup is responsible for this logic (as well as initializing the V8 fields); this is similar to that.

The runtime already seems to correctly initialize these for script-created array buffer views as well, which is why this issue was not detected sooner.

Review-Url: https://codereview.chromium.org/2498413002
Cr-Commit-Position: refs/heads/master@{#41014}

V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://github.com/v8/v8/wiki
Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Please follow the instructions mentioned on the V8 wiki.