AddressSanitizer: SEGV /builds/worker/workspace/build/src/js/src/jsfriendapi.h:1564:9 in byteSize
Categories
(Core :: Storage: IndexedDB, defect, P3)
Tracking
Version | Tracking | Status
---|---|---
firefox-esr60 | --- | unaffected
firefox65 | --- | wontfix
firefox66 | --- | wontfix
firefox67 | --- | wontfix
firefox68 | --- | fixed
People
(Reporter: jkratzer, Assigned: violet.bugreport)
References
(Blocks 3 open bugs)
Details
(Keywords: crash, regression, testcase)
Attachments
(2 files)
Comment 1•6 years ago
When using JS_IsArrayBufferViewObject() to check an ArrayBufferView object,
we should consistently use JS_FRIEND_API to get its length and data.
Because in rare cases there might be a wrapper on the object, JS_FRIEND_API
will handle it, js::GetArrayBufferViewLengthAndData() won't.
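The mismatch the commit message describes, as an added toy model in C++. This is not SpiderMonkey code: the object layout, the meaning of the two slots, the function shapes and the sample backing store are assumptions chosen so the confusion is visible without undefined behaviour. The point it shows is that a type check which sees through a cross-compartment wrapper (CCW) must be paired with an accessor that also sees through it; otherwise the accessor reads the wrapper's own fields as if they were the view's.

```cpp
// Added toy model, not SpiderMonkey code. Object layout, slot meanings and
// function shapes are assumptions made for illustration.
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Every object carries a kind tag and two slots whose meaning depends on the
// kind. A view stores {byteLength, data pointer}; a cross-compartment wrapper
// (CCW) stores {target object pointer, unused}.
enum class Kind : uint8_t { View, Wrapper };

struct Object {
  Kind kind;
  uintptr_t slots[2];
};

// Constructed sample backing store (not data from the bug report).
static uint8_t kBackingStore[16] = {0, 1, 2,  3,  4,  5,  6,  7,
                                    8, 9, 10, 11, 12, 13, 14, 15};

Object MakeView(const uint8_t* data, size_t byteLength) {
  return Object{Kind::View, {static_cast<uintptr_t>(byteLength),
                             reinterpret_cast<uintptr_t>(data)}};
}

Object MakeWrapper(Object* target) {
  return Object{Kind::Wrapper, {reinterpret_cast<uintptr_t>(target), 0}};
}

// Models unwrapping: follow the wrapper chain to the real object.
Object* Unwrap(Object* obj) {
  while (obj && obj->kind == Kind::Wrapper)
    obj = reinterpret_cast<Object*>(obj->slots[0]);
  return obj;
}

// Models JS_IsArrayBufferViewObject: answers for the unwrapped object, so a
// CCW around a view reports true.
bool IsArrayBufferViewObject(Object* obj) {
  Object* inner = Unwrap(obj);
  return inner && inner->kind == Kind::View;
}

struct LengthAndData {
  size_t length;
  const uint8_t* data;
};

// Models js::GetArrayBufferViewLengthAndData: trusts the caller's check and
// does NOT unwrap. Given a CCW it reads the wrapper's slots as a view's: the
// target pointer becomes "length" and 0 becomes "data".
LengthAndData GetArrayBufferViewLengthAndData(Object* obj) {
  return {static_cast<size_t>(obj->slots[0]),
          reinterpret_cast<const uint8_t*>(obj->slots[1])};
}

// Models JS_GetObjectAsArrayBufferView: unwrap, re-check the kind on the
// unwrapped object, then read. Returns nullptr if it is not a view.
Object* GetObjectAsArrayBufferView(Object* obj, size_t* length,
                                   const uint8_t** data) {
  Object* inner = Unwrap(obj);
  if (!inner || inner->kind != Kind::View) return nullptr;
  *length = static_cast<size_t>(inner->slots[0]);
  *data = reinterpret_cast<const uint8_t*>(inner->slots[1]);
  return inner;
}

// Buggy caller shape: the check sees through the wrapper, the accessor does
// not, so on a CCW the "length" is really the wrapper's target pointer.
size_t BuggyByteLength(Object* obj) {
  if (!IsArrayBufferViewObject(obj)) return 0;
  return GetArrayBufferViewLengthAndData(obj).length;
}

// Fixed caller shape: one API that unwraps, checks and reads consistently.
size_t FixedByteLength(Object* obj) {
  size_t length = 0;
  const uint8_t* data = nullptr;
  if (!GetObjectAsArrayBufferView(obj, &length, &data)) return 0;
  return length;
}

struct Demo {
  size_t direct;               // length of the view reached directly
  size_t viaWrapperBuggy;      // length the buggy path reports through a CCW
  size_t viaWrapperFixed;      // length the fixed path reports through a CCW
  uintptr_t viewAddress;       // address of the view behind the wrapper
  bool buggyReturnsViewAddress;  // true when the buggy "length" is that address
};

Demo RunDemo() {
  Object view = MakeView(kBackingStore, sizeof kBackingStore);
  Object wrapper = MakeWrapper(&view);
  Demo d;
  d.direct = BuggyByteLength(&view);  // no wrapper: both paths agree
  d.viaWrapperBuggy = BuggyByteLength(&wrapper);
  d.viaWrapperFixed = FixedByteLength(&wrapper);
  d.viewAddress = reinterpret_cast<uintptr_t>(&view);
  d.buggyReturnsViewAddress = (d.viaWrapperBuggy == d.viewAddress);
  return d;
}

int main() {
  Demo d = RunDemo();
  std::printf("direct: %zu\nvia CCW, buggy: %zu (view is at %p)\nvia CCW, fixed: %zu\n",
              d.direct, d.viaWrapperBuggy,
              reinterpret_cast<void*>(d.viewAddress), d.viaWrapperFixed);
  return 0;
}
```

In the real engine the confused read does not stop at a bogus length: the bytes at the wrong offsets are used as a pointer and a size, which is the dereference-of-wrong-type that ASan reports here. The model only makes the wrong values observable.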
Comment 2•6 years ago
Hi Jan,
I submitted two patches (including this one) for some crash bugs in IndexedDB component two days ago, could you review them? This one in particular will cause a dereference-of-wrong-type in release build, I think it needs to be fixed.
These are my first patches to IndexedDB component, so I might be choosing reviewer incorrectly. In case I'm wrong, could you point me to the correct reviewer to get these patches reviewed?
Thanks!
Comment 3•6 years ago
I don't quite understand the commit message... js::GetArrayBufferViewLengthAndData is friend API just like JS_GetObjectAsArrayBufferView. The real change is that JS_GetObjectAsArrayBufferView can handle a CCW for an ArrayBufferView while js::GetArrayBufferViewLengthAndData can't, right?
Comment 4•6 years ago
(In reply to Boris Zbarsky [:bzbarsky, bz on IRC] from comment #3)
> I don't quite understand the commit message... js::GetArrayBufferViewLengthAndData is friend API just like JS_GetObjectAsArrayBufferView.
Sorry, I'm new to the JS codebase. After re-reading the js/src/jsfriendapi.h declarations, I found js::GetArrayBufferViewLengthAndData is indeed a JS_FRIEND_API. I will update the commit message.
> The real change is that JS_GetObjectAsArrayBufferView can handle a CCW for an ArrayBufferView while js::GetArrayBufferViewLengthAndData can't, right?
Yes, this is what I meant.
Comment 5•6 years ago
Sounds good, thank you!
Comment 7•6 years ago
bugherder