[Webkit-unassigned] [Bug 86733] Setting array index -1 and looping over array causes bad behavior
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 17 12:14:30 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=86733
--- Comment #2 from Gavin Kistner <gavin at phrogz.net> 2012-05-17 12:13:35 PST ---
Here is a simpler test case:
setInterval(function(){
var a=[10,20,30,40], i=-1, x, c=a.length;
a[-1] = 42;
while (i<10000) x = a[i++ % a];
console.log(a[-1],a[4294967295]);
},100);
The above code produces the following console output:
42 undefined
undefined 42
42 undefined
37x undefined 42
42 undefined
undefined 42
42 undefined
41x undefined 42
42 undefined
undefined 42
42 undefined
41x undefined 42
42 undefined
undefined 42
42 undefined
37x undefined 42
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list