mirror of
https://github.com/tc39/test262.git
synced 2025-10-31 03:34:08 +01:00
23 lines
557 B
JavaScript
23 lines
557 B
JavaScript
// Copyright 2018 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax --expose-gc
|
|
|
|
for (var i = 0; i < 3; i++) {
|
|
var array = new BigInt64Array(200);
|
|
|
|
function evil_callback() {
|
|
%ArrayBufferDetach(array.buffer);
|
|
gc();
|
|
return 1094795585n;
|
|
}
|
|
|
|
var evil_object = {valueOf: evil_callback};
|
|
var root;
|
|
try {
|
|
root = BigInt64Array.of.call(function() { return array }, evil_object);
|
|
} catch(e) {}
|
|
gc();
|
|
}
|