Bug 80285

Summary: TypedArray subarray call for subarray does not clamp the end index parameter properly
Product: WebKit
Reporter: Ulan Degenbaev <ulan>
Component: WebGL
Assignee: Ulan Degenbaev <ulan>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, kbr, oliver, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Ulan Degenbaev
Reported 2012-03-05 07:41:28 PST
In the following example the length of ar3 should be 2, but both Safari and Chrome return 7.

var ar1 = new Uint8Array(10);
var ar2 = ar1.subarray(0, 5);
var ar3 = ar2.subarray(3, 10);
alert(ar3.length); // returns 7, expected 2

For details see http://code.google.com/p/chromium/issues/detail?id=114966
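The clamping the report describes, as an added example (not the reporter's code and not the WebKit patch): `subarrayBounds` models the index resolution TypedArray `subarray(begin, end)` is supposed to perform against the view's own length, `buggySubarrayBounds` is an assumed reconstruction that clamps `end` against the underlying buffer instead, which reproduces the reported length of 7, and `reportedCase` runs the report's snippet on the current engine.

```javascript
// Resolve one relative index into [0, length]: negatives count from the
// end, anything past the end is clamped to the length.
function clampIndex(relative, length) {
  if (relative < 0) return Math.max(length + relative, 0);
  return Math.min(relative, length);
}

// Correct behaviour: both begin and end are clamped against the *view's*
// length, so a subarray of a subarray can never reach past its parent.
function subarrayBounds(viewLength, begin, end) {
  const b = clampIndex(begin === undefined ? 0 : begin, viewLength);
  const e = clampIndex(end === undefined ? viewLength : end, viewLength);
  return { begin: b, end: Math.max(e, b), length: Math.max(e - b, 0) };
}

// Assumed reconstruction of the defect (not the engine's actual code):
// `end` is clamped against the whole buffer rather than the view, so
// ar2 (length 5) yields a child view that runs 7 elements from offset 3.
function buggySubarrayBounds(viewLength, bufferLength, begin, end) {
  const b = clampIndex(begin === undefined ? 0 : begin, viewLength);
  const e = clampIndex(end === undefined ? viewLength : end, bufferLength);
  return { begin: b, end: Math.max(e, b), length: Math.max(e - b, 0) };
}

// The snippet from the report, run on whatever engine executes this file.
// A fixed engine returns 2; an affected one returned 7.
function reportedCase() {
  const ar1 = new Uint8Array(10);
  const ar2 = ar1.subarray(0, 5);
  const ar3 = ar2.subarray(3, 10);
  return ar3.length;
}
```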
Attachments
Patch (6.04 KB, patch)
2012-03-05 08:17 PST, Ulan Degenbaev
no flags
Patch (6.61 KB, patch)
2012-03-06 03:48 PST, Ulan Degenbaev
no flags
Ulan Degenbaev
Comment 1 2012-03-05 08:17:20 PST
Kenneth Russell
Comment 2 2012-03-05 12:00:26 PST
Comment on attachment 130143 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=130143&action=review

Thanks for fixing this. Looks fine aside from the ChangeLog; could you please fix and re-upload?

> ChangeLog:10
> + * Source/JavaScriptCore/wtf/ArrayBufferView.h:

This is the wrong ChangeLog to modify. You probably have an incomplete WebKit checkout; see http://dev.chromium.org/ for instructions on how to use a full WebKit checkout within your Chromium tree. You should see edits in Source/JavaScriptCore/ChangeLog and LayoutTests/ChangeLog.
Ulan Degenbaev
Comment 3 2012-03-06 03:48:33 PST
Ulan Degenbaev
Comment 4 2012-03-06 03:56:59 PST
Comment on attachment 130143 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=130143&action=review

>> ChangeLog:10
>> + * Source/JavaScriptCore/wtf/ArrayBufferView.h:
>
> This is the wrong ChangeLog to modify. You probably have an incomplete WebKit checkout; see http://dev.chromium.org/ for instructions on how to use a full WebKit checkout within your Chromium tree. You should see edits in Source/JavaScriptCore/ChangeLog and LayoutTests/ChangeLog.

Sorry for that, I uploaded a new patch set. I had a full WebKit checkout, but the script was computing relative names of changed files incorrectly for some reason.
Kenneth Russell
Comment 5 2012-03-06 05:01:24 PST
Comment on attachment 130349 [details]
Patch

Great. Thank you again for fixing this. r=me
WebKit Review Bot
Comment 6 2012-03-06 07:31:07 PST
Comment on attachment 130349 [details]
Patch

Clearing flags on attachment: 130349

Committed r109918: <http://trac.webkit.org/changeset/109918>
WebKit Review Bot
Comment 7 2012-03-06 07:31:11 PST
All reviewed patches have been landed. Closing bug.