Closed Bug 1230337 Opened 8 years ago Closed 8 years ago

TypedArrayObject::isNeutered doesn't understand inline storage

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: efaust, Unassigned)

Details

Attachments

(1 file)

The check's just wrong. Probably a typo.
Attachment #8695535 - Flags: review?(jwalden+bmo)
Comment on attachment 8695535 [details] [diff] [review]
fixNeuteredCheck.patch

Review of attachment 8695535 [details] [diff] [review]:
-----------------------------------------------------------------

Bah, I missed this in bug 1176214.  Actually more than missed, I think, because what I reviewed there didn't have the null-check this has -- presumably it showed up in a try-run or so and was done as an obvious fix, which it is except for the wrong-conjunction thinko.
Attachment #8695535 - Flags: review?(jwalden+bmo) → review+
Yes, a conjunction of unfavorable circumstances: Some of the isNeutered code came in late, and during a try run there was a crasher here because the bufferShared() guard was missing and bufferShared() can return nullptr.

Also see bug 1229809, I'm not sure how well the neutering code is adapted to shared memory (which is not neuterable).
https://hg.mozilla.org/mozilla-central/rev/039acf906edc
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: