Bug 91587 - REGRESSION(r122345): HTMLCollection::length() sometimes returns a wrong value
Summary: REGRESSION(r122345): HTMLCollection::length() sometimes returns a wrong value
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P1 Normal
Assignee: Ryosuke Niwa
URL:
Keywords:
: 91413 (view as bug list)
Depends on:
Blocks: 91335 91571
  Show dependency treegraph
 
Reported: 2012-07-17 23:26 PDT by Ryosuke Niwa
Modified: 2012-07-18 01:16 PDT (History)
5 users (show)

See Also:

Attachments
Fixes the bug (4.36 KB, patch)
2012-07-17 23:39 PDT, Ryosuke Niwa 		no flags Details | Formatted Diff | Diff
Updated for ToT (4.36 KB, patch)
2012-07-17 23:44 PDT, Ryosuke Niwa 		no flags Details | Formatted Diff | Diff
Fixed per benjaminp's comment on IRC (4.41 KB, patch)
2012-07-17 23:50 PDT, Ryosuke Niwa 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryosuke Niwa 2012-07-17 23:26:17 PDT 
Due to a bug in HTMLCollection::itemBeforeOrAfterCachedItem, HTMLCollection::length may return a wrong value (1 less than the actual length) sometimes on any port that uses V8 bindings or Objective-C bindings. This problem doesn't reproduce with JSC bindings because we call length() first and that sets the correct cached value.

http://code.google.com/p/chromium/issues/detail?id=137488
Comment 1 Ryosuke Niwa 2012-07-17 23:39:08 PDT 
Created attachment 152939 [details]
Fixes the bug
Comment 2 Ryosuke Niwa 2012-07-17 23:44:52 PDT 
Created attachment 152941 [details]
Updated for ToT
Comment 3 Ryosuke Niwa 2012-07-17 23:50:59 PDT 
Created attachment 152943 [details]
Fixed per benjaminp's comment on IRC
Comment 4 Benjamin Poulain 2012-07-17 23:54:12 PDT 
Comment on attachment 152943 [details]
Fixed per benjaminp's comment on IRC

offsetOfLastItem + 1 seems reasonable  :)
Comment 5 Ryosuke Niwa 2012-07-18 00:00:18 PDT 
*** Bug 91413 has been marked as a duplicate of this bug. ***
Comment 6 WebKit Review Bot 2012-07-18 01:16:44 PDT 
Comment on attachment 152943 [details]
Fixed per benjaminp's comment on IRC

Clearing flags on attachment: 152943

Committed r122930: <http://trac.webkit.org/changeset/122930>
Comment 7 WebKit Review Bot 2012-07-18 01:16:51 PDT 
All reviewed patches have been landed.  Closing bug.