[Webkit-unassigned] [Bug 108435] New: HashSet<>::find(0) hits an assertion in debug and returns a bogus iterator
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 30 23:38:09 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=108435
Summary: HashSet<>::find(0) hits an assertion in debug and
returns a bogus iterator
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Web Template Framework
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rniwa at webkit.org
CC: eric at webkit.org, mjs at apple.com, darin at apple.com,
sam at webkit.org
Add the following test case to HashSet.cpp in WTF tests:
TEST(WTF, HashSetFindZero)
{
HashSet<uint64_t> testSet;
// Initial capacity is null.
ASSERT_EQ(0, testSet.capacity());
testSet.add(static_cast<uint64_t>(123));
testSet.add(static_cast<uint64_t>(456));
ASSERT_TRUE(testSet.find(static_cast<uint64_t>(0)) == testSet.end());
}
You'll hit an assertion in
template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
template<typename HashTranslator, typename T>
void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::checkKey(const T& key)
{
if (!HashFunctions::safeToCompareToEmptyOrDeleted)
return;
ASSERT(!HashTranslator::equal(KeyTraits::emptyValue(), key));
This results in HashSet::find returning a bogus iterator and HashSet::remove deleting an unrelated item, resulting in a really bad consistent state where size can be a bogus value like -1.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list