RESOLVED FIXED 129746
JSDataViewPrototype::getData() and setData() crash on platforms that don't allow unaligned accesses
https://bugs.webkit.org/show_bug.cgi?id=129746
Michael Saboff
Reported 2014-03-05 10:54:35 PST
In runtime/JSDataViewPrototype.cpp getData() and setData() use reinterpret_cast from uint8_t* to the various native data types needed to implement the various get*() and set*() DataView methods. For platforms that don't allow aligned accesses, this will cause a crash.
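An added example, not code from the WebKit patch, of the alignment-safe access pattern this report calls for: bytes are moved with memcpy and per-byte stores instead of dereferencing a cast pointer. The names `hostIsLittleEndian`, `loadUnaligned`, `storeUnaligned` and `roundTripAtOddOffset` are hypothetical, and the caller is assumed to have already range-checked `byteOffset`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical helpers for illustration; these are not WebKit functions.
inline bool hostIsLittleEndian()
{
    const uint16_t probe = 1;
    uint8_t first;
    std::memcpy(&first, &probe, 1);
    return first == 1;
}

// Read a T at any byte offset. memcpy into a local never issues a wide
// load from a misaligned address, unlike *reinterpret_cast<T*>(base + offset).
template<typename T>
T loadUnaligned(const uint8_t* base, size_t byteOffset, bool littleEndian)
{
    uint8_t raw[sizeof(T)];
    std::memcpy(raw, base + byteOffset, sizeof(T));
    if (littleEndian != hostIsLittleEndian()) {
        for (size_t i = 0; i < sizeof(T) / 2; ++i) {
            const uint8_t tmp = raw[i];
            raw[i] = raw[sizeof(T) - 1 - i];
            raw[sizeof(T) - 1 - i] = tmp;
        }
    }
    T value;
    std::memcpy(&value, raw, sizeof(T));
    return value;
}

// Write a T at any byte offset, one byte at a time, in the requested order.
template<typename T>
void storeUnaligned(uint8_t* base, size_t byteOffset, T value, bool littleEndian)
{
    uint8_t raw[sizeof(T)];
    std::memcpy(raw, &value, sizeof(T));
    const bool flip = littleEndian != hostIsLittleEndian();
    for (size_t i = 0; i < sizeof(T); ++i)
        base[byteOffset + i] = flip ? raw[sizeof(T) - 1 - i] : raw[i];
}

// Constructed sample: a 4-byte value at odd offset 1 of an aligned buffer.
uint32_t roundTripAtOddOffset(uint32_t value, bool littleEndian)
{
    alignas(8) uint8_t buffer[16] = {};
    storeUnaligned<uint32_t>(buffer, 1, value, littleEndian);
    return loadUnaligned<uint32_t>(buffer, 1, littleEndian);
}
```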
Attachments
Patch (20.57 KB, patch)
2014-03-05 11:18 PST, Michael Saboff
fpizlo: review+
Michael Saboff
Comment 1 2014-03-05 11:18:08 PST
Filip Pizlo
Comment 2 2014-03-05 11:40:43 PST
Comment on attachment 225894 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=225894&action=review
R=me if you add some squiggles.
> Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp:181 > if (needToFlipBytesIfLittleEndian(littleEndian)) > - value = flipBytes(value); > - > - *reinterpret_cast<typename Adaptor::Type*>(static_cast<uint8_t*>(dataView->vector()) + byteOffset) = value; > - > + for (unsigned i = dataSize; i--;) > + *dataPtr++ = u.rawBytes[i]; > + else > + for (unsigned i = 0; i < dataSize; i++) > + *dataPtr++ = u.rawBytes[i];
You need some squiggly braces {} here.
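Review bot: The else branch at JSDataViewPrototype.cpp:181 is a plain forward byte copy, so `memcpy(dataPtr, u.rawBytes, dataSize)` would state that more directly than the hand-written loop and leave only the reversed loop for the flip case; dataPtr would then no longer be advanced, which matters only if code after this point relies on it. Each of the if and else bodies is a for statement spanning two lines, so both need braces, as the review above asks. The quoted lines do not show where byteOffset plus dataSize is checked against the view's length, so confirm that check still runs before these stores.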
Michael Saboff
Comment 3 2014-03-05 12:55:57 PST