Closed
Bug 1452571
Opened 6 years ago
Closed 6 years ago
js::IsBufferSource() is missing |return true| for the DataView case
Categories
(Core :: JavaScript Engine, enhancement, P1)
Tracking
Status: RESOLVED FIXED
Target Milestone: mozilla61
 | Tracking | Status |
---|---|---|
firefox61 | --- | fixed |
People
(Reporter: anba, Assigned: luke)
Attachments (1 file)
1.62 KB, patch | anba: review+
As currently written, the return values for the DataView case [1] are simply ignored.

Btw, this [2] seems really unsafe, because it can detach the ArrayBuffer which is not handled by the following code...

[1] https://searchfox.org/mozilla-central/rev/7ccb618f45a1398e31a086a009f87c8fd3a790b6/js/src/vm/TypedArrayObject.cpp#2162-2166
[2] https://searchfox.org/mozilla-central/rev/7ccb618f45a1398e31a086a009f87c8fd3a790b6/js/src/shell/js.cpp#5742-5764
Assignee | Comment 2 • 6 years ago
Thanks!
Reporter | Comment 3 • 6 years ago

Comment on attachment 8969448
fix-bugs

Review of attachment 8969448:
-----------------------------------------------------------------

Looks good to me! :-)

Btw, are there any plans to explicitly disallow detached ArrayBuffers instead of silently treating them as zero-length ArrayBuffers?

Attachment #8969448 - Flags: review?(andrebargull) → review+
Assignee | Comment 4 • 6 years ago

Ah, interesting question. Looks like Web IDL says to throw:
https://heycam.github.io/webidl/#es-buffer-source-types
while implementations generally don't:
https://github.com/heycam/webidl/issues/151
Seems like a good idea to throw though (or at least try to and see if it breaks anything).
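A script-level sketch of the two points raised in this bug, added here as an illustration and not taken from the patch or from SpiderMonkey: a buffer-source check whose DataView branch returns a result like the others, and which either throws on a detached ArrayBuffer (as Web IDL says) or treats it as zero-length. The function names and the `rejectDetached` option are hypothetical, and detaching via `structuredClone` assumes a runtime that provides it.

```javascript
// Added illustration; names are hypothetical and not SpiderMonkey's.

// A detached buffer and a genuinely empty one both report byteLength 0,
// so probe by constructing a view: the TypedArray constructor throws a
// TypeError when handed a detached ArrayBuffer.
function isDetached(buffer) {
  if (buffer.byteLength !== 0) return false;
  try {
    new Uint8Array(buffer);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Returns { kind, byteLength } for a buffer source, or null for anything else.
// DataView is tested before the generic isView() check (which also matches
// it), and every accepted branch reaches an explicit return.
function describeBufferSource(value, { rejectDetached = true } = {}) {
  let kind, buffer;
  if (value instanceof ArrayBuffer) {
    kind = "ArrayBuffer";
    buffer = value;
  } else if (value instanceof DataView) {
    kind = "DataView";
    buffer = value.buffer;
  } else if (ArrayBuffer.isView(value)) {
    kind = "TypedArray";
    buffer = value.buffer;
  } else {
    return null;
  }
  if (isDetached(buffer)) {
    // Strict mode throws; lenient mode reports a zero-length source.
    if (rejectDetached) throw new TypeError(`${kind} uses a detached ArrayBuffer`);
    return { kind, byteLength: 0 };
  }
  return { kind, byteLength: value.byteLength };
}

// Constructed sample: transferring a buffer with structuredClone detaches it.
function detachedSamples() {
  const buf = new ArrayBuffer(16);
  const view = new DataView(buf, 4, 8);
  const bytes = new Uint8Array(buf);
  structuredClone(buf, { transfer: [buf] });
  return { buf, view, bytes };
}
```

The probe matters because a real zero-length ArrayBuffer must still be accepted in strict mode; only the detached case is rejected.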
Pushed by lwagner@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/907f224f35c0
Baldr: fix IsBufferSource on DataView and prevent shell-only rooting bug (r=anba)
bugherder | Comment 6 • 6 years ago
https://hg.mozilla.org/mozilla-central/rev/907f224f35c0
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61