[Webkit-unassigned] [Bug 82090] CloneDeserializer::readArrayBufferView() could try reading ArrayBuffer even when ArrayBuffer wasn't there
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 26 10:50:38 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82090
Yong Li <yong.li.webkit at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
--- Comment #6 from Yong Li <yong.li.webkit at gmail.com> 2012-03-26 10:50:38 PST ---
Dmitry, the problem I'm seeing is:
1) when serializing ArrayBufferView, it appends the ArrayBufferView object to m_objectPool first, and then appends the ArrayBuffer object.
2) When deserializing, it reads ArrayBuffer first (to m_gcBuffer), and then reads ArrayBufferView.
So if the objects are referenced later with ObjectReferenceTag, it could mess up.
Trying to get a test case now. Do you see anything wrong above?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list