24268 2009-02-28 23:54:10 -0800 RuntimeArray is not a fully implemented JSArray 2009-03-08 03:47:52 -0700 1 1 1 Unclassified WebKit WebCore JavaScript 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED P2 Normal --- 1 sofromv oliver oliver oldest_to_newest 111673 0 sofromv 2009-02-28 23:54:10 -0800 RuntimeArray class from WebCore/bridge has the class info parent JSArray::info. Therefore, it will be treated like a JSArray in function arrayProtoFuncConcat from JavaScriptCore::ArrayPrototype class. When an object of type RuntimeArray will be cast to JSArray, the cast will succeed, but the function arrayProtoFuncConcat will crash when attempting to call length method, that is implemented in JSArray but not in RuntimeArray. 111674 1 oliver 2009-03-01 00:01:43 -0800 The issue is relatively trivial to fix -- we shouldn't be blindly casting to a JSArray just because an object descends from Array in JS. 111678 2 28136 oliver 2009-03-01 01:05:22 -0800 Created attachment 28136 Fixeration This fixes the error 111690 3 ap 2009-03-01 05:48:48 -0800 > arrayProtoFuncConcat will crash when attempting to call length method, that is Can a test case be written for this? 111691 4 oliver 2009-03-01 05:53:32 -0800 I'm unsure how to get a runtime array to be created... conceivably i could get drt to instantiate a fabricated class that just claimed to be a JSArray. Will look into it. 111717 5 28136 darin 2009-03-01 10:52:26 -0800 Comment on attachment 28136 Fixeration I'm not going to say review+ because I think this needs a regression test. 112774 6 oliver 2009-03-08 03:27:09 -0700 Making a testcase for this appears infeasible -- i've tried for afew hours just to make a java applet that is capable of scripting to no avail. I am honestly not surprised applets died given my experience with them. DRT is also unable to fudge an appropriate JS object as it doesn't have access to the required SPI. 112775 7 28136 zwarich 2009-03-08 03:32:48 -0700 Comment on attachment 28136 Fixeration r=me, although you should explain that you can't make a test in your ChangeLog. 112776 8 oliver 2009-03-08 03:47:46 -0700 Committing to http://svn.webkit.org/repository/webkit/trunk ... M JavaScriptCore/ChangeLog M JavaScriptCore/runtime/ArrayPrototype.cpp Committed r41518 28136 2009-03-01 01:05:22 -0800 2009-03-08 03:32:48 -0700 Fixeration concat-fix.patch text/plain 1474 oliver ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBiL0phdmFTY3JpcHRDb3JlL0No YW5nZUxvZwppbmRleCA0MzZkY2JlLi5lM2E0NWMyIDEwMDY0NAotLS0gYS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTYg QEAKKzIwMDktMDMtMDEgIE9saXZlciBIdW50ICA8b2xpdmVyQGFwcGxlLmNvbT4KKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBCdWcgMjQyNjg6IFJ1bnRp bWVBcnJheSBpcyBub3QgYSBmdWxseSBpbXBsZW1lbnRlZCBKU0FycmF5CisgICAgICAgIDxodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjQyNjg+CisKKyAgICAgICAgRG9u J3QgY2FzdCBhIHR5cGUgdG8gSlNBcnJheSwganVzdCBiZWNhdXNlIGl0IHJlcG9ydHNBcnJheSBh cyBhIHN1cGVydHlwZQorICAgICAgICBpbiB0aGUgSlMgdHlwZSBzeXN0ZW0uCisKKyAgICAgICAg KiBydW50aW1lL0FycmF5UHJvdG90eXBlLmNwcDoKKyAgICAgICAgKEpTQzo6YXJyYXlQcm90b0Z1 bmNDb25jYXQpOgorCiAyMDA5LTAyLTI2ICBHYXZpbiBCYXJyYWNsb3VnaCAgPGJhcnJhY2xvdWdo QGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBHZW9mZiBHYXJlbi4KZGlmZiAtLWdp dCBhL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvQXJyYXlQcm90b3R5cGUuY3BwIGIvSmF2YVNjcmlw dENvcmUvcnVudGltZS9BcnJheVByb3RvdHlwZS5jcHAKaW5kZXggMWMzNTUyMS4uNmM0NGY0OCAx MDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUvcnVudGltZS9BcnJheVByb3RvdHlwZS5jcHAKKysr IGIvSmF2YVNjcmlwdENvcmUvcnVudGltZS9BcnJheVByb3RvdHlwZS5jcHAKQEAgLTI4Nyw4ICsy ODcsNyBAQCBKU1ZhbHVlUHRyIGFycmF5UHJvdG9GdW5jQ29uY2F0KEV4ZWNTdGF0ZSogZXhlYywg SlNPYmplY3QqLCBKU1ZhbHVlUHRyIHRoaXNWYWx1ZQogICAgIEFyZ0xpc3Q6OmNvbnN0X2l0ZXJh dG9yIGVuZCA9IGFyZ3MuZW5kKCk7CiAgICAgd2hpbGUgKDEpIHsKICAgICAgICAgaWYgKGN1ckFy Zy5pc09iamVjdCgmSlNBcnJheTo6aW5mbykpIHsKLSAgICAgICAgICAgIEpTQXJyYXkqIGN1ckFy cmF5ID0gYXNBcnJheShjdXJBcmcpOwotICAgICAgICAgICAgdW5zaWduZWQgbGVuZ3RoID0gY3Vy QXJyYXktPmxlbmd0aCgpOworICAgICAgICAgICAgdW5zaWduZWQgbGVuZ3RoID0gdGhpc09iai0+ Z2V0KGV4ZWMsIGV4ZWMtPnByb3BlcnR5TmFtZXMoKS5sZW5ndGgpLnRvVUludDMyKGV4ZWMpOwog ICAgICAgICAgICAgZm9yICh1bnNpZ25lZCBrID0gMDsgayA8IGxlbmd0aDsgKytrKSB7CiAgICAg ICAgICAgICAgICAgaWYgKEpTVmFsdWVQdHIgdiA9IGdldFByb3BlcnR5KGV4ZWMsIGN1ckFycmF5 LCBrKSkKICAgICAgICAgICAgICAgICAgICAgYXJyLT5wdXQoZXhlYywgbiwgdik7Cg==