[Webkit-unassigned] [Bug 133577] New: In a certain app state, Array.prototype.filter() returns incorrect results

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 6 09:58:55 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=133577

           Summary: In a certain app state, Array.prototype.filter()
                    returns incorrect results
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
               URL: http://jsbin.com/potewaye/13/edit?js,console
        OS/Version: Mac OS X 10.9
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ryan at wonko.com


Created an attachment (id=232618)
 --> (https://bugs.webkit.org/attachment.cgi?id=232618&action=review)
Array.prototype.filter() bug test case

The Router component in the YUI JS library somehow induces a certain state that temporarily causes Array.prototype.filter() to return incorrect results (an empty array instead of a correctly filtered array).

I've been unable to track down the precise cause of this state, but it's at least consistently reproducible using the attached test case, which is also visible at http://jsbin.com/potewaye/13/edit?js,console

The test succeeds in all browsers except Safari 8 on OS X Yosemite and recent WebKit nightlies (I tested 9537.76.4, r169635). I don't think the problem lies with YUI, since YUI's router has been in wide production use for several years and this problem only surfaced in these brand new WebKit builds.

http://www.smugmug.com/ is one production website affected by this bug, but there are many others using the YUI Router, including various Yahoo sites.

Steps to Reproduce:
1. Run the attached test case.

Expected Results:
Three separate arrays should be logged to the console demonstrating that Array.prototype.filter() is working properly: ["started"], ["finished"], and ["foo"].

Actual Results:
In Safari 8 and WebKit 9537.76.4, r169635, the logged arrays are ["started"], ["finished"], and [], and you'll see the error message "Array.prototype.filter() failed!" indicating that Array.prototype.filter() returned incorrect results when run inside a YUI router callback.

I also filed this as rdar://17186034

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list