Closed
Bug 396446
Opened 18 years ago
Closed 16 years ago
fix bug in clamp and remove usless unsigned checks
Categories
(Tamarin Graveyard :: Virtual Machine, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: andrei, Assigned: lhansen)
Details
Attachments
(1 file)
|
1.35 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Build Identifier: HEAD 164
There is a bug in ClampIndexInt.
if (intValue < 0)
{
if (intValue + length < 0)
result = 0;
else
result = (uint32)(intValue + length);
}
where intValue is of type int, length is of type uint32. Since length is unsigned intValue + length this will become unsigned. This check will never be true. You meant for it to be a signed check I'm guessing.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
|
Reporter | |
Comment 1•18 years ago
|
||
|
|
Reporter | |
Comment 2•18 years ago
|
||
This also gets rid of some useless assertions that an unsigned value may be less than 0.
|
|
||
Comment 3•16 years ago
|
||
triaging old bugs, this bug was partially implemented.
GCStack.h: 96 still has _DEBUG GCAssert(m_iCount>=0
NativeObjectHelpers.h: 65 now has if (intValue + length < 0.0)
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
|
|
||
Comment 4•16 years ago
|
||
changed component to vm instead of GC since the usess GC assert were removed
Component: Garbage Collection (mmGC) → Virtual Machine
QA Contact: gc → vm
Lars, is this bug/patch still relevant?
Assignee: nobody → lhansen
Priority: -- → P3
|
|
Assignee | |
Comment 6•16 years ago
|
||
These changes have all been integrated.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
||
Updated•16 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•