mozilla-inbound: changeset 117052:47a6822f5e3f28436eabf6b1b065959234e02d90

author	Daniel Holbert <dholbert@cs.stanford.edu>
	Wed, 26 Dec 2012 09:29:19 -0800 (2012-12-26)
changeset 117052	47a6822f5e3f28436eabf6b1b065959234e02d90
parent 117051	d29b182e169ee1245729e2a45817e09b424df9de
child 117053	a4a6940f56450c6e94d38e33a9a5a9a56cb1b076
push id	20279
push user	dholbert@mozilla.com
push date	Wed, 26 Dec 2012 17:29:42 +0000 (2012-12-26)
treeherder	mozilla-inbound@47a6822f5e3f [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	nbp
bugs	824648
milestone	20.0a1
first release with	nightly linux32 f2a500997116 / 20.0a1 / 20121228030811 / files nightly linux64 f2a500997116 / 20.0a1 / 20121228030811 / files nightly mac f2a500997116 / 20.0a1 / 20121228030811 / files nightly win32 f2a500997116 / 20.0a1 / 20121228030811 / files nightly win64 f2a500997116 / 20.0a1 / 20121228030811 / files
last release without	nightly linux32 d29b182e169e / 20.0a1 / 20121227030822 / files nightly linux64 d29b182e169e / 20.0a1 / 20121227030822 / files nightly mac d29b182e169e / 20.0a1 / 20121227030822 / files nightly win32 d29b182e169e / 20.0a1 / 20121227030822 / files nightly win64 d29b182e169e / 20.0a1 / 20121227030822 / files

--- a/js/src/ion/VMFunctions.cpp
+++ b/js/src/ion/VMFunctions.cpp
@@ -359,17 +359,18 @@ ArrayConcatDense(JSContext *cx, HandleOb
     if (!js::array_concat(cx, 1, argv))
         return NULL;
     return &argv[0].toObject();
 }
 
 bool
 CharCodeAt(JSContext *cx, HandleString str, int32_t index, uint32_t *code)
 {
-    JS_ASSERT(index < str->length());
+    JS_ASSERT(index >= 0 &&
+              static_cast<uint32_t>(index) < str->length());
 
     const jschar *chars = str->getChars(cx);
     if (!chars)
         return false;
 
     *code = chars[index];
     return true;
 }