| Summary: | Assertion "SHOULD NEVER BE REACHED" when returning DataView from species constructor in TypedArray#slice | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | André Bargull <andre.bargull> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW --- | ||
| Severity: | Normal | CC: | keith_miller, mark.lam, saam, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
SVN: rev210506 Build with: perl Tools/Scripts/build-jsc --gtk --debug Executing the following test case leads to this assertion: --- SHOULD NEVER BE REACHED ../../Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h(506) : JSC::EncodedJSValue JSC::genericTypedArrayViewProtoFuncSlice(JSC::VM&, JSC::ExecState*) [with ViewClass = JSC::JSGenericTypedArrayView<JSC::Int8Adaptor>; JSC::EncodedJSValue = long int] 1 0x7ffff6d6ab21 /home/andre/svn/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7ffff6d6ab21] 2 0x7ffff6baead3 /home/andre/svn/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC35genericTypedArrayViewProtoFuncSliceINS_23JSGenericTypedArrayViewINS_11Int8AdaptorEEEEElRNS_2VMEPNS_9ExecStateE+0x9b8) [0x7ffff6baead3] 3 0x7ffff6b92879 /home/andre/svn/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x2635879) [0x7ffff6b92879] 4 0x7fffaf3ff028 [0x7fffaf3ff028] --- Test case: --- var ta = new Int8Array([1, 2, 3, 4]); ta.constructor = { [Symbol.species]: function() { return new DataView(ta.buffer); } }; ta.slice(0, 2); ---