In the following example the length of ar3 should be 2, but both Safari and Chrome return 7. var ar1 = new Uint8Array(10); var ar2 = ar1.subarray(0, 5); var ar3 = ar2.subarray(3, 10); alert(ar3.length); // returns 7, expected 2 For details see http://code.google.com/p/chromium/issues/detail?id=114966
Created attachment 130143 [details] Patch
Comment on attachment 130143 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=130143&action=review Thanks for fixing this. Looks fine aside from the ChangeLog; could you please fix and re-upload? > ChangeLog:10 > + * Source/JavaScriptCore/wtf/ArrayBufferView.h: This is the wrong ChangeLog to modify. You probably have an incomplete WebKit checkout; see http://dev.chromium.org/ for instructions on how to use a full WebKit checkout within your Chromium tree. You should see edits in Source/JavaScriptCore/ChangeLog and LayoutTests/ChangeLog.
Created attachment 130349 [details] Patch
Comment on attachment 130143 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=130143&action=review >> ChangeLog:10 >> + * Source/JavaScriptCore/wtf/ArrayBufferView.h: > > This is the wrong ChangeLog to modify. You probably have an incomplete WebKit checkout; see http://dev.chromium.org/ for instructions on how to use a full WebKit checkout within your Chromium tree. You should see edits in Source/JavaScriptCore/ChangeLog and LayoutTests/ChangeLog. Sorry for that, I uploaded a new patch set. I had a full WebKit checkout, but the script was computing relative names of changed files incorrectly for some reason.
Comment on attachment 130349 [details] Patch Great. Thank you again for fixing this. r=me
Comment on attachment 130349 [details] Patch Clearing flags on attachment: 130349 Committed r109918: <http://trac.webkit.org/changeset/109918>
All reviewed patches have been landed. Closing bug.