38040 2010-04-23 02:12:15 -0700 WebCore::WebGLArrayInternal::lengthAttrGetter ReadAV@NULL (b1a3e1a3e9d01f17fd493d68eeb2742f) 2010-06-30 12:17:25 -0700 1 1 1 Unclassified WebKit WebGL 528+ (Nightly build) All All RESOLVED FIXED http://jssh.skypher.com/4.4/Main.html?command%3Dnew%20window.WebGLUnsignedIntArray().length;&execute P1 Normal --- 1 skylined kbr cmarrin dglazkov eric kbr oliver zmo oldest_to_newest 216346 0 skylined 2010-04-23 02:12:15 -0700 Repro: new window.WebGLUnsignedIntArray().length; Id: WebCore::WebGLArrayInternal::lengthAttrGetter ReadAV@NULL (b1a3e1a3e9d01f17fd493d68eeb2742f) Description: Attempt to read from NULL pointer in WebCore::WebGLArrayInternal::lengthAttrGetter 244856 1 kbr 2010-06-30 11:23:19 -0700 This crash occurs in both Safari and Chrome -- i.e., in both the JSC and V8 bindings. 244857 2 60136 kbr 2010-06-30 11:24:44 -0700 Created attachment 60136 Patch From the ChangeLog: Changed custom ArrayBufferView constructors to create a fully-initialized, zero-length array when called with zero arguments. This is the simplest fix which works identically in both the JSC and V8 bindings. 244867 3 60136 oliver 2010-06-30 11:47:21 -0700 Comment on attachment 60136 Patch r=me 244881 4 kbr 2010-06-30 12:17:25 -0700 Committed r62194: <http://trac.webkit.org/changeset/62194> 60136 2010-06-30 11:24:44 -0700 2010-06-30 11:47:21 -0700 Patch array-crash.patch text/plain 6106 kbr SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2MjE5MikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjIgQEAKKzIwMTAtMDYtMzAgIEtlbm5ldGggUnVzc2VsbCAgPGtickBnb29nbGUu Y29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFdl YkNvcmU6OldlYkdMQXJyYXlJbnRlcm5hbDo6bGVuZ3RoQXR0ckdldHRlciBSZWFkQVZATlVMTCAo YjFhM2UxYTNlOWQwMWYxN2ZkNDkzZDY4ZWViMjc0MmYpCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0zODA0MAorCisgICAgICAgIENoYW5nZWQgY3VzdG9t IEFycmF5QnVmZmVyVmlldyBjb25zdHJ1Y3RvcnMgdG8gY3JlYXRlIGEKKyAgICAgICAgZnVsbHkt aW5pdGlhbGl6ZWQsIHplcm8tbGVuZ3RoIGFycmF5IHdoZW4gY2FsbGVkIHdpdGggemVybworICAg ICAgICBhcmd1bWVudHMuIFRoaXMgaXMgdGhlIHNpbXBsZXN0IGZpeCB3aGljaCB3b3JrcyBpZGVu dGljYWxseSBpbgorICAgICAgICBib3RoIHRoZSBKU0MgYW5kIFY4IGJpbmRpbmdzLgorCisgICAg ICAgIFRlc3Q6IGZhc3QvY2FudmFzL3dlYmdsL2FycmF5LWJ1ZmZlci12aWV3LWNyYXNoLmh0bWwK KworICAgICAgICAqIGJpbmRpbmdzL2pzL0pTQXJyYXlCdWZmZXJWaWV3SGVscGVyLmg6CisgICAg ICAgIChXZWJDb3JlOjpjb25zdHJ1Y3RBcnJheUJ1ZmZlclZpZXcpOgorICAgICAgICAqIGJpbmRp bmdzL3Y4L2N1c3RvbS9WOEFycmF5QnVmZmVyVmlld0N1c3RvbS5oOgorICAgICAgICAoV2ViQ29y ZTo6Y29uc3RydWN0V2ViR0xBcnJheSk6CisKIDIwMTAtMDYtMzAgIFZpY3RvciBXYW5nICA8dmlj dG9yd0BjaHJvbWl1bS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gRmlzaGVyLgpJ bmRleDogV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0FycmF5QnVmZmVyVmlld0hlbHBlci5oCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIFdlYkNvcmUvYmluZGluZ3MvanMvSlNBcnJheUJ1ZmZlclZpZXdIZWxwZXIuaAko cmV2aXNpb24gNjIxOTIpCisrKyBXZWJDb3JlL2JpbmRpbmdzL2pzL0pTQXJyYXlCdWZmZXJWaWV3 SGVscGVyLmgJKHdvcmtpbmcgY29weSkKQEAgLTk2LDkgKzk2LDE0IEBAIFBhc3NSZWZQdHI8QXJy YXlCdWZmZXJWaWV3PiBjb25zdHJ1Y3RBcnIKICAgICAvLwogICAgIFJlZlB0cjxDPiBhcnJheU9i amVjdDsKICAgICAKLSAgICAvLyBGb3IgdGhlIDAgYXJncyBjYXNlLCBqdXN0IGNyZWF0ZSBhbiBv YmplY3Qgd2l0aG91dCBhIGJ1ZmZlciAKKyAgICAvLyBGb3IgdGhlIDAgYXJncyBjYXNlLCBqdXN0 IGNyZWF0ZSBhIHplcm8tbGVuZ3RoIHZpZXcuIFdlIGNvdWxkCisgICAgLy8gY29uc2lkZXIgcmFp c2luZyBhIFN5bnRheEVycm9yIGZvciB0aGlzIGNhc2UsIGJ1dCBub3QgYWxsCisgICAgLy8gSmF2 YVNjcmlwdCBET00gYmluZGluZ3MgY2FuIGRpc3Rpbmd1aXNoIGJldHdlZW4gIm5ldworICAgIC8v IDxUeXBlPkFycmF5KCkiIGFuZCB3aGF0IG9jY3VycyB3aGVuIGEgcHJldmlvdXNseS1jb25zdHJ1 Y3RlZAorICAgIC8vIEFycmF5QnVmZmVyVmlldyBpcyByZXR1cm5lZCB0byBKYXZhU2NyaXB0OyBl LmcuLCBmcm9tCisgICAgLy8gImFycmF5LnNsaWNlKCkiLgogICAgIGlmIChleGVjLT5hcmd1bWVu dENvdW50KCkgPCAxKQotICAgICAgICByZXR1cm4gQzo6Y3JlYXRlKDAsIDAsIDApOworICAgICAg ICByZXR1cm4gQzo6Y3JlYXRlKDApOwogICAgIAogICAgIGlmIChleGVjLT5hcmd1bWVudCgwKS5p c051bGwoKSkgewogICAgICAgICAvLyBJbnZhbGlkIGZpcnN0IGFyZ3VtZW50CkluZGV4OiBXZWJD b3JlL2JpbmRpbmdzL3Y4L2N1c3RvbS9WOEFycmF5QnVmZmVyVmlld0N1c3RvbS5oCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIFdlYkNvcmUvYmluZGluZ3MvdjgvY3VzdG9tL1Y4QXJyYXlCdWZmZXJWaWV3Q3VzdG9t LmgJKHJldmlzaW9uIDYyMTkyKQorKysgV2ViQ29yZS9iaW5kaW5ncy92OC9jdXN0b20vVjhBcnJh eUJ1ZmZlclZpZXdDdXN0b20uaAkod29ya2luZyBjb3B5KQpAQCAtNTAsMTIgKzUwLDIwIEBAIHY4 OjpIYW5kbGU8djg6OlZhbHVlPiBjb25zdHJ1Y3RXZWJHTEFycmEKICAgICBpbnQgYXJnTGVuID0g YXJncy5MZW5ndGgoKTsKICAgICBpZiAoYXJnTGVuID09IDApIHsKICAgICAgICAgLy8gVGhpcyBo YXBwZW5zIHdoZW4gd2UgcmV0dXJuIGEgcHJldmlvdXNseSBjb25zdHJ1Y3RlZAotICAgICAgICAv LyBBcnJheUJ1ZmZlclZpZXcsIGUuZy4gZnJvbSB0aGUgY2FsbCB0byBXZWJHTDxUPkFycmF5LnNs aWNlKCkuCisgICAgICAgIC8vIEFycmF5QnVmZmVyVmlldywgZS5nLiBmcm9tIHRoZSBjYWxsIHRv IDxUeXBlPkFycmF5LnNsaWNlKCkuCiAgICAgICAgIC8vIFRoZSBWOERPTVdyYXBwZXIgd2lsbCBz ZXQgdGhlIGludGVybmFsIHBvaW50ZXIgaW4gdGhlCiAgICAgICAgIC8vIGNyZWF0ZWQgb2JqZWN0 LiBVbmZvcnR1bmF0ZWx5IGl0IGRvZXNuJ3QgbG9vayBsaWtlIGl0J3MKICAgICAgICAgLy8gcG9z c2libGUgdG8gZGlzdGluZ3Vpc2ggYmV0d2VlbiB0aGlzIGNhc2UgYW5kIHRoYXQgd2hlcmUKLSAg ICAgICAgLy8gdGhlIHVzZXIgY2FsbHMgIm5ldyBXZWJHTDxUPkFycmF5KCkiIGZyb20gSmF2YVNj cmlwdC4KLSAgICAgICAgcmV0dXJuIGFyZ3MuSG9sZGVyKCk7CisgICAgICAgIC8vIHRoZSB1c2Vy IGNhbGxzICJuZXcgPFR5cGU+QXJyYXkoKSIgZnJvbSBKYXZhU2NyaXB0LiBXZSBtdXN0CisgICAg ICAgIC8vIGNvbnN0cnVjdCBhbiBlbXB0eSB2aWV3IHRvIGF2b2lkIGNyYXNoZXMgd2hlbiBmZXRj aGluZyB0aGUKKyAgICAgICAgLy8gbGVuZ3RoLgorICAgICAgICBSZWZQdHI8QXJyYXlDbGFzcz4g YXJyYXkgPSBBcnJheUNsYXNzOjpjcmVhdGUoMCk7CisgICAgICAgIC8vIFRyYW5zZm9ybSB0aGUg aG9sZGVyIGludG8gYSB3cmFwcGVyIG9iamVjdCBmb3IgdGhlIGFycmF5LgorICAgICAgICBWOERP TVdyYXBwZXI6OnNldERPTVdyYXBwZXIoYXJncy5Ib2xkZXIoKSwgdHlwZSwgYXJyYXkuZ2V0KCkp OworICAgICAgICAvLyBEbyBub3QgY2FsbCBTZXRJbmRleGVkUHJvcGVydGllc1RvRXh0ZXJuYWxB cnJheURhdGEgb24gdGhpcworICAgICAgICAvLyBvYmplY3QuIE5vdCBvbmx5IGlzIHRoZXJlIG5v IHBvaW50IGZyb20gYSBwZXJmb3JtYW5jZQorICAgICAgICAvLyBwZXJzcGVjdGl2ZSwgYnV0IGRv aW5nIHNvIGNhdXNlcyBlcnJvcnMgaW4gdGhlIHNsaWNlKCkgY2FzZS4KKyAgICAgICAgcmV0dXJu IHRvVjgoYXJyYXkucmVsZWFzZSgpLCBhcmdzLkhvbGRlcigpKTsKICAgICB9CiAKICAgICAvLyBT dXBwb3J0ZWQgY29uc3RydWN0b3JzOgpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gNjIxOTIpCisrKyBMYXlv dXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxOCBAQAorMjAxMC0w Ni0zMCAgS2VubmV0aCBSdXNzZWxsICA8a2JyQGdvb2dsZS5jb20+CisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgV2ViQ29yZTo6V2ViR0xBcnJheUludGVy bmFsOjpsZW5ndGhBdHRyR2V0dGVyIFJlYWRBVkBOVUxMIChiMWEzZTFhM2U5ZDAxZjE3ZmQ0OTNk NjhlZWIyNzQyZikKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTM4MDQwCisKKyAgICAgICAgQ2hhbmdlZCBjdXN0b20gQXJyYXlCdWZmZXJWaWV3IGNvbnN0 cnVjdG9ycyB0byBjcmVhdGUgYQorICAgICAgICBmdWxseS1pbml0aWFsaXplZCwgemVyby1sZW5n dGggYXJyYXkgd2hlbiBjYWxsZWQgd2l0aCB6ZXJvCisgICAgICAgIGFyZ3VtZW50cy4gVGhpcyBp cyB0aGUgc2ltcGxlc3QgZml4IHdoaWNoIHdvcmtzIGlkZW50aWNhbGx5IGluCisgICAgICAgIGJv dGggdGhlIEpTQyBhbmQgVjggYmluZGluZ3MuCisKKyAgICAgICAgKiBmYXN0L2NhbnZhcy93ZWJn bC9hcnJheS1idWZmZXItdmlldy1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAq IGZhc3QvY2FudmFzL3dlYmdsL2FycmF5LWJ1ZmZlci12aWV3LWNyYXNoLmh0bWw6IEFkZGVkLgor CiAyMDEwLTA2LTMwICBTaGVyaWZmIEJvdCAgPHdlYmtpdC5yZXZpZXcuYm90QGdtYWlsLmNvbT4K IAogICAgICAgICBVbnJldmlld2VkLCByb2xsaW5nIG91dCByNjIxODIuCkluZGV4OiBMYXlvdXRU ZXN0cy9mYXN0L2NhbnZhcy93ZWJnbC9hcnJheS1idWZmZXItdmlldy1jcmFzaC1leHBlY3RlZC50 eHQKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9jYW52YXMvd2ViZ2wvYXJyYXktYnVm ZmVyLXZpZXctY3Jhc2gtZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMv ZmFzdC9jYW52YXMvd2ViZ2wvYXJyYXktYnVmZmVyLXZpZXctY3Jhc2gtZXhwZWN0ZWQudHh0CShy ZXZpc2lvbiAwKQpAQCAtMCwwICsxLDkgQEAKK1ZlcmlmeSB0aGF0IGNvbnN0cnVjdGluZyBhIHR5 cGVkIGFycmF5IHZpZXcgd2l0aCBubyBhcmd1bWVudHMgYW5kIGZldGNoaW5nIGl0cyBsZW5ndGgg ZG9lcyBub3QgY3Jhc2gKKworT24gc3VjY2VzcywgeW91IHdpbGwgc2VlIGEgc2VyaWVzIG9mICJQ QVNTIiBtZXNzYWdlcywgZm9sbG93ZWQgYnkgIlRFU1QgQ09NUExFVEUiLgorCitQQVNTIG5ldyBV aW50MzJBcnJheSgpLmxlbmd0aCBkaWQgbm90IGNyYXNoCitQQVNTIHN1Y2Nlc3NmdWxseVBhcnNl ZCBpcyB0cnVlCisKK1RFU1QgQ09NUExFVEUKKwpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9jYW52 YXMvd2ViZ2wvYXJyYXktYnVmZmVyLXZpZXctY3Jhc2guaHRtbAo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlv dXRUZXN0cy9mYXN0L2NhbnZhcy93ZWJnbC9hcnJheS1idWZmZXItdmlldy1jcmFzaC5odG1sCShy ZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9jYW52YXMvd2ViZ2wvYXJyYXktYnVmZmVy LXZpZXctY3Jhc2guaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwyOCBAQAorPGh0bWw+Cis8 aGVhZD4KKzxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iLi4vLi4vanMvcmVzb3VyY2VzL2pz LXRlc3Qtc3R5bGUuY3NzIi8+Cis8c2NyaXB0IHNyYz0iLi4vLi4vanMvcmVzb3VyY2VzL2pzLXRl c3QtcHJlLmpzIj48L3NjcmlwdD4KKzxzY3JpcHQgc3JjPSJyZXNvdXJjZXMvd2ViZ2wtdGVzdC5q cyI+PC9zY3JpcHQ+Cis8L2hlYWQ+Cis8Ym9keT4KKzxkaXYgaWQ9ImRlc2NyaXB0aW9uIj48L2Rp dj4KKzxkaXYgaWQ9ImNvbnNvbGUiPjwvZGl2PgorCis8c2NyaXB0PgorCitkZXNjcmlwdGlvbign VmVyaWZ5IHRoYXQgY29uc3RydWN0aW5nIGEgdHlwZWQgYXJyYXkgdmlldyB3aXRoIG5vIGFyZ3Vt ZW50cyBhbmQgZmV0Y2hpbmcgaXRzIGxlbmd0aCBkb2VzIG5vdCBjcmFzaCcpOworCis8IS0tIFRo ZSBmb2xsb3dpbmcgdXNlZCB0byBjYXVzZSBhIGNyYXNoIGluIGJvdGggU2FmYXJpIGFuZCBDaHJv bWUgLS0+CituZXcgVWludDMyQXJyYXkoKS5sZW5ndGg7CisKK3Rlc3RQYXNzZWQoIm5ldyBVaW50 MzJBcnJheSgpLmxlbmd0aCBkaWQgbm90IGNyYXNoIik7CitzdWNjZXNzZnVsbHlQYXJzZWQgPSB0 cnVlOworCis8L3NjcmlwdD4KKzxzY3JpcHQgc3JjPSIuLi8uLi9qcy9yZXNvdXJjZXMvanMtdGVz dC1wb3N0LmpzIj48L3NjcmlwdD4KKworPHNjcmlwdD4KKzwvc2NyaXB0PgorCis8L2JvZHk+Cis8 L2h0bWw+Cg==