Closed
Bug 601070
Opened 14 years ago
Closed 14 years ago
"Assertion failure: offset < length" [@ TypedArrayTemplate::copyFromWithOverlap]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: jruderman, Assigned: vlad)
Details
(Keywords: assertion, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file, 1 obsolete file)
|
1.00 KB,
patch
|
jorendorff
:
review+
|
Details | Diff | Splinter Review |
var x = Int32Array();
x.set(x);
Assertion failure: offset < length, at jstypedarray.cpp:1234
The first bad revision is:
changeset: 82ff7c27fcb0
user: Vladimir Vukicevic
date: Fri Aug 27 12:07:24 2010 -0400
summary: bug 575685; implement set() from TypedArray spec; r=jorendorff
|
||
Updated•14 years ago
|
blocking2.0: --- → ?
|
||
Updated•14 years ago
|
Assignee: general → vladimir
blocking2.0: ? → betaN+
|
Assignee | |
Comment 1•14 years ago
|
||
Simple fix; just bail early if there's nothing to do. Assertion that's being caused is harmless for this particular case; it'll end up doing a memmove with 0 length, in other cases it would do a js_malloc of 0 bytes, and then loop 0 times, and then js_free the thing we malloc'd.
Attachment #481087 -
Flags: review?
|
|
Assignee | |
Updated•14 years ago
|
Attachment #481087 -
Flags: review? → review?(jorendorff)
|
||
Comment 2•14 years ago
|
||
Comment on attachment 481087 [details] [diff] [review]
fix
Wouldn't it be better to fix the assertion? Everywhere else we assert that
offset <= length.
Attachment #481087 -
Flags: review?(jorendorff)
|
|
Assignee | |
Comment 3•14 years ago
|
||
Hm, for some reason I convinced myself that we couldn't just do that, but looking at the code again (and what I wrote above!) I think we can.
|
|
Assignee | |
Comment 4•14 years ago
|
||
yeah, seems to work fine.
Attachment #481087 -
Attachment is obsolete: true
Attachment #481341 -
Flags: review?(jorendorff)
|
|
||
Updated•14 years ago
|
Attachment #481341 -
Flags: review?(jorendorff) → review+
|
||
Comment 5•14 years ago
|
||
Looks like we have a patch that just needs to land.
|
|
||
Comment 6•14 years ago
|
||
Status: NEW → ASSIGNED
Whiteboard: fixed-in-tracemonkey
|
|
||
Comment 7•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Comment 8•12 years ago
|
||
Automatically extracted testcase for this bug was committed:
https://hg.mozilla.org/mozilla-central/rev/efaf8960a929
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•