JsArray's bug

[GoogleCodeExporter]

What steps will reproduce the problem?
Try to execute the script code as below:
  var array = new Array();
  array.push("a");
  array.push("b");
  var len = array.length;

What is the expected output? What do you see instead?
The value of "len" must be 2,but actually it is 6.

What version of the product are you using? On what operating system?
1.0, windows xp sp2

Please provide any additional information below.

Original issue reported on code.google.com by zhangtao...@gmail.com on 24 Jul 2009 at 6:18

[GoogleCodeExporter]

The problem may be in JsArray.java:

public void copy(int from, JsArray target, int to, int len)
{
  ...
  for(int i = to + l; i < maxIdx; i++){
    target.setObject(i, null);
  }
}

This last loop is intended to clear part of the array, but setObject(null) 
would 
grow "target" as side effect, because stack pointer (up to maxIdx) is likely to 
be 
greater than your target array.

I have replace it with "target.objects[i] = null". 
It may not be correct though... but it is working so far for me. 

Original comment by dak...@gmail.com on 12 Oct 2009 at 12:54