[Webkit-unassigned] [Bug 82090] CloneDeserializer::readArrayBufferView() could try reading ArrayBuffer even when ArrayBuffer wasn't there
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 23 16:07:26 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82090
--- Comment #4 from Dmitry Lomov <dslomov at google.com> 2012-03-23 16:07:26 PST ---
(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > got a fix, will try to create a test
> >
> > What is the test that fails for you?
> > LayoutTests/fast/canvas/webgl/array-message-passing.html is the key test that tests this functionality and it passes.
>
> Sorry my first conclusion is wrong. It appears like ArrayBufferView just because the ArrayBuffer isn't there, and it hits the other ArrayBufferView.
>
> The reason that the ArrayBuffer isn't there is due to this:
>
> if (!startObjectInternal(obj)) // handle duplicates
> 636: return true;
> write(ArrayBufferTag);
>
> When the deserializer reads the ArrayBufferView, it doesn't expect missing array buffer.
Could you give an example of JavaScript code that fails?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list