[Webkit-unassigned] [Bug 82090] CloneDeserializer::readArrayBufferView() could try reading ArrayBuffer even when ArrayBuffer wasn't there
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 23 14:47:08 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82090
Yong Li <yong.li.webkit at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CloneDeserializer::readArra |CloneDeserializer::readArra
|yBufferView() fails to read |yBufferView() could try
|arrays like Uint8Array |reading ArrayBuffer even
| |when ArrayBuffer wasn't
| |there
--- Comment #3 from Yong Li <yong.li.webkit at gmail.com> 2012-03-23 14:47:08 PST ---
(In reply to comment #2)
> (In reply to comment #1)
> > got a fix, will try to create a test
>
> What is the test that fails for you?
> LayoutTests/fast/canvas/webgl/array-message-passing.html is the key test that tests this functionality and it passes.
Sorry my first conclusion is wrong. It appears like ArrayBufferView just because the ArrayBuffer isn't there, and it hits the other ArrayBufferView.
The reason that the ArrayBuffer isn't there is due to this:
if (!startObjectInternal(obj)) // handle duplicates
636: return true;
write(ArrayBufferTag);
When the deserializer reads the ArrayBufferView, it doesn't expect missing array buffer.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list