Closed
Bug 592737
Opened 14 years ago
Closed 14 years ago
vertexAttrib3fv crash [@JSObject::getClass]
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | beta7+ |
People
(Reporter: posidron, Assigned: bjacob)
Details
Attachments
(2 files, 1 obsolete file)
5.58 KB,
text/plain
|
Details | |
4.50 KB,
patch
|
vlad
:
review+
|
Details | Diff | Splinter Review |
vertexAttrib3fv(0, null); The parameter 'null' causes a null pointer dereference. Required parameter type: Float32Array | sequence
Reporter | ||
Updated•14 years ago
|
Version: unspecified → Trunk
Assignee | ||
Comment 1•14 years ago
|
||
OK, let helper_isInt32Array and helper_isFloat32Array check if obj is null, and return false in that case.
Comment on attachment 471170 [details] [diff] [review] Fix bug 592737 This actually isn't enough -- JS_IsArrayObject will crash if given a null argument, so we'd just move the crash one branch down in the if() statement. Better would be to just null check the arg right after it's pulled out of the args array. In some cases this involves adding an additional brahc, in others it means changing if (!JSVAL_IS_OBJECT(x)) -> if (JSVAL_IS_PRIMITIVE(x))
Assignee | ||
Comment 3•14 years ago
|
||
OK, here's the new patch. By the way, these were the last occurences of !JSVAL_IS_OBJECT in this file. This should prevent crashing, but I wonder if that is spec-compliant: in case of a null object, shouldn't these methods just generate ERROR_INVALID_VALUE and let the JS continue?
Attachment #471170 -
Attachment is obsolete: true
Attachment #471204 -
Flags: review?(vladimir)
Attachment #471170 -
Flags: review?(vladimir)
Comment on attachment 471204 [details] [diff] [review] Fix bug 592737 looks fine; not sure about the GL error though -- maybe?
Attachment #471204 -
Flags: review?(vladimir) → review+
Assignee | ||
Comment 5•14 years ago
|
||
Anyway, that would be nontrivial to fix as we can't generate GL errors from quickstubs. Sweeping this one under the carpet... Will land the fix tomorrow morning (don't want to spend tonight babysitting tinderbox...)
Assignee | ||
Updated•14 years ago
|
blocking2.0: --- → ?
Assignee | ||
Comment 6•14 years ago
|
||
Please mark as blocking so I can land this tomorrow.
Updated•14 years ago
|
blocking2.0: ? → beta6+
Assignee | ||
Comment 7•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/886665dec3cb
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•