TypedArrayObject::isNeutered doesn't understand inline storage

RESOLVED FIXED in Firefox 45

Status

()

Core
JavaScript Engine
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: efaust, Unassigned)

Tracking

unspecified
mozilla45
Points:
---

Firefox Tracking Flags

(firefox45 fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
Created attachment 8695535 [details] [diff] [review]
fixNeuteredCheck.patch

The check's just wrong. Probably a typo.
Attachment #8695535 - Flags: review?(jwalden+bmo)

Comment 1

3 years ago
Comment on attachment 8695535 [details] [diff] [review]
fixNeuteredCheck.patch

Review of attachment 8695535 [details] [diff] [review]:
-----------------------------------------------------------------

Bah, I missed this in bug 1176214.  Actually more than missed, I think, because what I reviewed there didn't have the null-check this has -- presumably it showed up in a try-run or so and was done as an obvious fix, which it is except for the wrong-conjunction thinko.
Attachment #8695535 - Flags: review?(jwalden+bmo) → review+

Comment 3

3 years ago
Yes, a conjunction of unfavorable circumstances: Some of the isNeutered code came in late, and during a try run there was a crasher here because the bufferShared() guard was missing and bufferShared() can return nullptr.

Also see bug 1229809, I'm not sure how well the neutering code is adapted to shared memory (which is not neuterable).

Comment 4

3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/039acf906edc
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox45: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.