91587 – REGRESSION(r122345): HTMLCollection::length() sometimes returns a wrong value

RESOLVED FIXED 91587

REGRESSION(r122345): HTMLCollection::length() sometimes returns a wrong value

https://bugs.webkit.org/show_bug.cgi?id=91587

Summary REGRESSION(r122345): HTMLCollection::length() sometimes returns a wrong value

Ryosuke Niwa

Reported 2012-07-17 23:26:17 PDT

Due to a bug in HTMLCollection::itemBeforeOrAfterCachedItem, HTMLCollection::length may return a wrong value (1 less than the actual length) sometimes on any port that uses V8 bindings or Objective-C bindings. This problem doesn't reproduce with JSC bindings because we call length() first and that sets the correct cached value. http://code.google.com/p/chromium/issues/detail?id=137488

Attachments
Fixes the bug (4.36 KB, patch) 2012-07-17 23:39 PDT, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Updated for ToT (4.36 KB, patch) 2012-07-17 23:44 PDT, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Fixed per benjaminp's comment on IRC (4.41 KB, patch) 2012-07-17 23:50 PDT, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Ryosuke Niwa

Comment 1 2012-07-17 23:39:08 PDT

Created attachment 152939 [details] Fixes the bug

Ryosuke Niwa

Comment 2 2012-07-17 23:44:52 PDT

Created attachment 152941 [details] Updated for ToT

Ryosuke Niwa

Comment 3 2012-07-17 23:50:59 PDT

Created attachment 152943 [details] Fixed per benjaminp's comment on IRC

Benjamin Poulain

Comment 4 2012-07-17 23:54:12 PDT

Comment on attachment 152943 [details] Fixed per benjaminp's comment on IRC offsetOfLastItem + 1 seems reasonable :)

Ryosuke Niwa

Comment 5 2012-07-18 00:00:18 PDT

*** Bug 91413 has been marked as a duplicate of this bug. ***

WebKit Review Bot

Comment 6 2012-07-18 01:16:44 PDT

Comment on attachment 152943 [details] Fixed per benjaminp's comment on IRC Clearing flags on attachment: 152943 Committed r122930: <http://trac.webkit.org/changeset/122930>

WebKit Review Bot

Comment 7 2012-07-18 01:16:51 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component DOM

Assignee

Ryosuke Niwa

Reported

2012-07-17 23:26 PDT

Modified

2012-07-18 01:16 PDT History

CC List

5 users Show

URL

Keywords

Duplicates (1)

91413 View as bug list

Depends on

Blocks

91335 91571

Dependencies

tree graph