[webkit-reviews] review granted: [Bug 106308] [Chromium] WebGL typed array constructor crashes on exception : [Attachment 182359] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 11 10:07:58 PST 2013
Kentaro Hara <haraken at chromium.org> has granted Kenneth Russell
<kbr at google.com>'s request for review:
Bug 106308: [Chromium] WebGL typed array constructor crashes on exception
https://bugs.webkit.org/show_bug.cgi?id=106308
Attachment 182359: Patch
https://bugs.webkit.org/attachment.cgi?id=182359&action=review
------- Additional Comments from Kentaro Hara <haraken at chromium.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=182359&action=review
> Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h:179
> + len = toUInt32(val);
This conversion can fail too. So you might want to do:
bool ok;
len = toUInt32(val, ok);
if (!ok) {
...;
}
Either way let's fix it in a follow-up patch.
More information about the webkit-reviews
mailing list