AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
32346aaea0
v8/test/mjsunit/regress/regress-crbug-380671.js
jkummerow b40a22dc87 Robustify NewNumberFromSize against int-overflow on cast 
As luck would have it, there doesn't seem to be a way to trigger
observable misbehavior currently (only with special flags).

BUG=chromium:380671
LOG=n
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1588013002

Cr-Commit-Position: refs/heads/master@{#33305}
2016-01-14 17:24:07 +00:00

9 lines
295 B
JavaScript
Raw Blame History

// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --mock-arraybuffer-allocator
var buffer = new ArrayBuffer(0xc0000000);
assertEquals(0xc0000000, buffer.byteLength);
Reference in New Issue View Git Blame Copy Permalink