Summary: JSArrayBufferViews of length 0 allocate 0 CopiedSpace bytes, which is invalid
Product: WebKit
Reporter: Mark Hahnenberg <mhahnenberg>
Version: 528+ (Nightly build)
|Bug Depends on:|
Description Mark Hahnenberg 2013-11-04 10:14:39 PST
We have 3 options here:

(1) Allow clients to allocate 0 bytes and return NULL when they do. This is less than ideal because it adds an extra null check to the fast path for CopiedSpace allocation.

(2) Allow clients to allocate 0 bytes and do no special checks (i.e. return a valid pointer to some CopiedBlock). This is the worst of the three options because clients are already not allowed to copy allocations of size 0, so they would have a valid pointer that they could do nothing with and which would eventually point to invalid memory when the CopiedBlock was thrown away without updating the pointer. All in all, not a good idea.

(3) Disallow clients from allocating 0 bytes. Enforce with a RELEASE_ASSERT in C++ code and breakpoints in JIT code. This is probably the way to go. Clients who care about 0-byte allocations must handle that case themselves, but we don't punish anybody else for the rare case that somebody decides to allocate a 0-length typed array. It also makes the allocation and copying cases consistent for CopiedSpace: no 0-byte allocations, no 0-byte copying.
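Option (3) as a runnable sketch, added here as an illustration and not WebKit's code: a simplified bump allocator (`BumpSpace`, a stand-in for CopiedSpace) that treats a 0-byte request as a contract violation and aborts unconditionally, the way a RELEASE_ASSERT would, while the typed-array caller (`makeView`, hypothetical) handles the length-0 case itself so the allocator fast path carries no extra null check. The names `BumpSpace`, `TypedArrayView` and `makeView` are assumptions for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <vector>

// Constructed stand-in for a copying bump allocator; not JSC's CopiedSpace.
class BumpSpace {
public:
    explicit BumpSpace(size_t blockSize) : m_block(blockSize), m_offset(0) {}

    // Option (3): a 0-byte allocation is never valid. The check is a contract
    // violation trap (RELEASE_ASSERT stand-in), not a fast-path null return.
    void* allocate(size_t bytes) {
        if (bytes == 0)
            std::abort();
        if (bytes > m_block.size() - m_offset)
            return nullptr; // block exhausted; real code would fetch a new block
        void* p = m_block.data() + m_offset;
        m_offset += bytes;
        return p;
    }

    size_t bytesUsed() const { return m_offset; }

private:
    std::vector<uint8_t> m_block;
    size_t m_offset;
};

// Hypothetical view object: storage may be null only when length is 0.
struct TypedArrayView {
    void* storage;
    size_t length;
};

// The client, not the allocator, owns the 0-length case. A 0-length view gets
// no backing store at all, so there is never a dangling pointer into a block
// that the collector may later discard.
bool makeView(BumpSpace& space, size_t length, size_t elementSize, TypedArrayView& out) {
    if (length == 0) {
        out = { nullptr, 0 };
        return true;
    }
    if (length > SIZE_MAX / elementSize)
        return false; // byte-length overflow
    size_t bytes = length * elementSize;
    void* p = space.allocate(bytes);
    if (!p)
        return false;
    out = { p, length };
    return true;
}

int main() {
    BumpSpace space(64);
    TypedArrayView view;
    // Length-0 view: no allocation happens, allocator state untouched.
    makeView(space, 0, 4, view);
    // Four 4-byte elements: 16 bytes consumed from the block.
    makeView(space, 4, 4, view);
    return space.bytesUsed() == 16 ? 0 : 1;
}
```

The invariant the example enforces is the one the comment asks for: `allocate` never sees a size of 0, so there is no valid-but-useless pointer that could outlive its block, and the only cost of the rule lands on the caller that actually wanted a 0-length array.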
Comment 3 Mark Hahnenberg 2013-11-04 11:35:35 PST
(In reply to comment #2)
> Created an attachment (id=215936) [details]
> Patch

Forgot to svn add the new test, uploading new version...
Comment 4 Geoffrey Garen 2013-11-04 11:39:32 PST
Comment 5 Mark Hahnenberg 2013-11-04 11:42:24 PST
Comment 6 Mark Hahnenberg 2013-11-04 11:50:11 PST
Committed r158583: <http://trac.webkit.org/changeset/158583>
Comment 7 Mark Hahnenberg 2013-11-04 13:22:54 PST
Reopening because Phil has beef.
Comment 8 Alexey Proskuryakov 2013-11-04 22:19:37 PST
Marking as blocking bug 122679, because this prevents running a WebCrypto test suite.
Comment 9 Alexey Proskuryakov 2013-11-22 16:09:33 PST
Can we track the remaining issues in a separate bug? It doesn't seem right that this bug blocks WebCrypto at this point.