Closed Bug 544470 Opened 15 years ago Closed 15 years ago

WebGLFloatArray constructor crashes if passed an uninitialized array [@ TypedArrayTemplate<float>::copyFrom] [@ JSObject::defaultValue]

Categories

(Core :: JavaScript Engine, defect)

x86
Windows 7
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: jwkbugzilla, Unassigned)

Details

(Keywords: crash)

Typing in the following into the location bar triggers a crash:

    javascript:new WebGLFloatArray(new Array(1))
    javascript:var a = new Array(1);a.push(1);new WebGLFloatArray(a)

Crash reports (for the first and second testcase respectively):

    bp-b426174d-060a-4623-b1e2-906f12100205
    bp-14fc10e6-36c4-4061-90ed-42a642100205

I am filing this under JavaScript Engine since that's where the crash happens.

The build I was using: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20100204 Minefield/3.7a1pre

Apparently this has been fixed; it's not crashing for me (Linux x86-64).

Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Confirmed, WORKSFORME on Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:1.9.3a6pre) Gecko/20100617 Minefield/3.7a6pre
Crash Signature: [@ TypedArrayTemplate<float>::copyFrom] [@ JSObject::defaultValue]