Closed
Bug 1592547
Opened 5 years ago
Closed 4 years ago
TypedArray's length limited to one less element than the maximum valid limit
Categories
(Core :: JavaScript Engine, defect, P3)
Core
JavaScript Engine
Tracking
()
RESOLVED
DUPLICATE
of bug 1689308
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | affected |
People
(Reporter: anba, Assigned: jorendorff)
Details
Attachments
(1 file)
TypedArray's length is limited to one less element than the actual maximum valid limit (which is UINT32_MAX - BYTES_PER_ELEMENT). If there's a technical reason for this, we should document it more clearly. If there's no technical reason, we should use the actual maximum limit.
Example:
js> var ab = new ArrayBuffer(0x7fff_ffff)
js> var ta = new Int8Array(ab)
typein:2:10 RangeError: attempting to construct out-of-bounds TypedArray on ArrayBuffer
Stack:
@typein:2:10
js> var ta = new Int8Array(ab.slice(1))
js>
js> var ab = new ArrayBuffer(0x7fff_fff8)
js> var ta = new Float64Array(ab)
typein:2:10 RangeError: attempting to construct out-of-bounds TypedArray on ArrayBuffer
Stack:
@typein:2:10
js> var ta = new Float64Array(ab.slice(8))
js>
|
Assignee | |
Updated•5 years ago
|
Type: task → defect
Priority: -- → P3
|
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → jorendorff
|
|
Assignee | |
Comment 1•5 years ago
|
||
I see a bunch of stuff like this but I don't see any code that actually uses INT32_MAX for any special purpose related to TypedArray length or byteLength.
I think we can just change this.
|
|
Assignee | |
Comment 2•5 years ago
|
||
|
||
Comment 3•4 years ago
|
||
I'm fixing this in bug 1689308 (I started writing the patch, then found this bug).
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•