Closed
Bug 1230337
Opened 8 years ago
Closed 8 years ago
TypedArrayObject::isNeutered doesn't understand inline storage
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla45
Tracking | Status | |
---|---|---|
firefox45 | --- | fixed |
People
(Reporter: efaust, Unassigned)
Details
Attachments
(1 file)
864 bytes,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
The check's just wrong. Probably a typo.
Attachment #8695535 -
Flags: review?(jwalden+bmo)
Comment 1•8 years ago
|
||
Comment on attachment 8695535 [details] [diff] [review] fixNeuteredCheck.patch Review of attachment 8695535 [details] [diff] [review]: ----------------------------------------------------------------- Bah, I missed this in bug 1176214. Actually more than missed, I think, because what I reviewed there didn't have the null-check this has -- presumably it showed up in a try-run or so and was done as an obvious fix, which it is except for the wrong-conjunction thinko.
Attachment #8695535 -
Flags: review?(jwalden+bmo) → review+
Comment 3•8 years ago
|
||
Yes, a conjunction of unfavorable circumstances: Some of the isNeutered code came in late, and during a try run there was a crasher here because the bufferShared() guard was missing and bufferShared() can return nullptr. Also see bug 1229809, I'm not sure how well the neutering code is adapted to shared memory (which is not neuterable).
Comment 4•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/039acf906edc
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox45:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in
before you can comment on or make changes to this bug.
Description
•