Bug 31889 - [v8] WebCore::WebGLArrayBufferInternal::byteLengthAttrGetter NULL pointer
Summary: [v8] WebCore::WebGLArrayBufferInternal::byteLengthAttrGetter NULL pointer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebGL
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Kenneth Russell
URL: http://skypher.com/SkyLined/Repro/Web...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-25 13:45 PST by Berend-Jan Wever
Modified: 2009-12-07 11:36 PST

See Also:


Attachments
Repro (57 bytes, text/html), 2009-11-25 13:45 PST, Berend-Jan Wever, no flags
Patch (5.84 KB, patch), 2009-12-04 19:36 PST, Kenneth Russell, no flags

Description Berend-Jan Wever 2009-11-25 13:45:35 PST
Created attachment 43870
Repro

Repro:
<script>
  // Zero-argument constructor call, then read byteLength on the result.
  new WebGLArrayBuffer().byteLength;
</script>
Comment 1 Kenneth Russell 2009-12-03 19:01:47 PST
This is a Chromium-specific bug.

There is confusion in the V8 bindings between the case where you fetch a preexisting WebGLArrayBuffer object (for example, WebGLArray.buffer) or call the WebGLArrayBuffer constructor with no arguments (new WebGLArrayBuffer()). As far as I know, there is currently no way to distinguish between these two cases, so we guess incorrectly and end up with a partially initialized JavaScript object.

I'll need to consult with the V8 team to understand how to fix this issue. In the interim, I'm lowering this to P2 because it isn't the highest priority issue.
Comment 2 Berend-Jan Wever 2009-12-04 01:33:48 PST
Then maybe we should close this bug and use the Chrome bug (http://code.google.com/p/chromium/issues/detail?id=28821) to track it, or open a new v8 bug?
Comment 3 Kenneth Russell 2009-12-04 19:30:43 PST
This is definitely the right place for this bug since any fix will have to go into the WebKit repository.

After looking more at the JSC bindings I see what I was doing incorrectly in the V8 bindings for this constructor. Patch to follow.
Comment 4 Kenneth Russell 2009-12-04 19:36:04 PST
Created attachment 44347
Patch

Fixed bug in handling of zero-argument constructor call.
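The failure mode described in comment 1 (a wrapper whose internal pointer is never set because a zero-argument `new WebGLArrayBuffer()` is mistaken for "wrap an existing native object") and the fix summarized in comment 4, as an added illustration that is not WebKit or V8 code and does not use the V8 API. `NativeArrayBuffer`, `Wrapper`, `buggyConstruct`, `fixedConstruct`, `wrapExisting` and the getters are hypothetical stand-ins; the shape of the fix (a zero-argument constructor call creates a fresh zero-length buffer, and wrapping a preexisting object goes through a separate path) is an assumption, since the patch diff itself is not reproduced on this page.

```cpp
// Simplified model of the binding bug in this report. Hypothetical code, not
// WebKit's V8 bindings: the real bindings store the native pointer in a V8
// internal field, modeled here as a shared_ptr member that may be null.
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Stand-in for the native WebCore object backing a WebGLArrayBuffer.
struct NativeArrayBuffer {
    std::vector<unsigned char> data;
    explicit NativeArrayBuffer(size_t n) : data(n) {}
    size_t byteLength() const { return data.size(); }
};

// Stand-in for the JavaScript wrapper object. A null impl is the
// "partially initialized JavaScript object" from comment 1.
struct Wrapper {
    std::shared_ptr<NativeArrayBuffer> impl;
};

// Buggy constructor callback: a zero-argument call is assumed to mean
// "wrap an object that already exists", but for `new WebGLArrayBuffer()`
// there is no such object, so the internal field stays null.
Wrapper buggyConstruct(size_t argc, const size_t* args,
                       std::shared_ptr<NativeArrayBuffer> existing) {
    if (argc == 0)
        return Wrapper{std::move(existing)};  // null for the repro case
    return Wrapper{std::make_shared<NativeArrayBuffer>(args[0])};
}

// Buggy attribute getter: dereferences the internal field unconditionally,
// which is the NULL pointer dereference in byteLengthAttrGetter.
size_t buggyByteLengthGetter(const Wrapper& w) {
    return w.impl->byteLength();  // crashes when w.impl is null
}

// Assumed shape of the fix: the constructor callback always creates a
// native object; zero arguments means a zero-length buffer.
Wrapper fixedConstruct(size_t argc, const size_t* args) {
    size_t n = (argc == 0) ? 0 : args[0];
    return Wrapper{std::make_shared<NativeArrayBuffer>(n)};
}

// Wrapping a preexisting native object (the WebGLArray.buffer case) is a
// separate path that never runs the constructor callback's argument logic.
Wrapper wrapExisting(std::shared_ptr<NativeArrayBuffer> existing) {
    return Wrapper{std::move(existing)};
}

// Defensive getter: a null internal field yields 0 instead of a crash, so a
// partially initialized wrapper degrades to a wrong answer, not a NULL deref.
size_t safeByteLengthGetter(const Wrapper& w) {
    return w.impl ? w.impl->byteLength() : 0;
}

// Repro from the report, driven against the buggy and fixed constructors.
bool reproCrashesBuggyPath() {
    Wrapper w = buggyConstruct(0, nullptr, nullptr);
    return w.impl == nullptr;  // buggyByteLengthGetter(w) would dereference null here
}

size_t reproOnFixedPath() {
    return safeByteLengthGetter(fixedConstruct(0, nullptr));
}
```

The two-layer split is deliberate: the constructor fix removes the partially initialized object, and the null check in the getter is the belt-and-braces guard so that any remaining path that produces a wrapper without a native pointer fails closed rather than crashing the renderer.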
Comment 5 WebKit Review Bot 2009-12-04 19:40:39 PST
style-queue ran check-webkit-style on attachment 44347 without any errors.
Comment 6 Dimitri Glazkov (Google) 2009-12-07 10:44:20 PST
Comment on attachment 44347
Patch

r=me.
Comment 7 WebKit Commit Bot 2009-12-07 11:36:43 PST
Comment on attachment 44347
Patch

Clearing flags on attachment: 44347

Committed r51785: <http://trac.webkit.org/changeset/51785>
Comment 8 WebKit Commit Bot 2009-12-07 11:36:49 PST
All reviewed patches have been landed. Closing bug.