From 9977abb42ae9bce6089e3a4e717cc6f8d73e7155 Mon Sep 17 00:00:00 2001
From: "erik.corry@gmail.com"
 <erik.corry@gmail.com@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Mon, 13 Dec 2010 10:09:09 +0000
Subject: [PATCH] Fix incorrect assumption about young/old space allocation in
 JSON stringify (introduced in r5951). Review URL:
 http://codereview.chromium.org/5746005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/runtime.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/runtime.cc b/src/runtime.cc
index af40e983b9a..c5ac0821536 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -4689,6 +4689,13 @@ static MaybeObject* QuoteJsonString(Vector<const Char> characters) {
   if (!new_alloc->ToObject(&new_object)) {
     return new_alloc;
   }
+  if (!Heap::new_space()->Contains(new_object)) {
+    // Even if our string is small enough to fit in new space we still have to
+    // handle it being allocated in old space as may happen in the third
+    // attempt.  See CALL_AND_RETRY in heap-inl.h and similar code in
+    // CEntryStub::GenerateCore.  
+    return SlowQuoteJsonString<Char, StringType>(characters);
+  }
   StringType* new_string = StringType::cast(new_object);
   ASSERT(Heap::new_space()->Contains(new_string));