[Webkit-unassigned] [Bug 24268] New: RuntimeArray is not a fully implemented JSArray
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Feb 28 23:54:10 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=24268
Summary: RuntimeArray is not a fully implemented JSArray
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: sofromv at gmail.com
CC: oliver at apple.com
RuntimeArray class from WebCore/bridge has the class info parent JSArray::info.
Therefore, it will be treated like a JSArray in function arrayProtoFuncConcat
from JavaScriptCore::ArrayPrototype class. When an object of type RuntimeArray
will be cast to JSArray, the cast will succeed, but the function
arrayProtoFuncConcat will crash when attempting to call length method, that is
implemented in JSArray but not in RuntimeArray.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list