Closed
Bug 707997
Opened 13 years ago
Closed 13 years ago
Vector.<float4> access beyond vector length not handled when jitted
Categories
(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
Q2 12 - Cyril
People
(Reporter: brbaker, Assigned: virgilp)
Code:

    var vec:Vector.<float4> = new <float4> [float4(0, 0, 0, 0), float4(1, 1, 1, 0), float4(2, 2, 2, 0)];
    function foo() { print(vec[3]); }
    foo();

Expected:

    RangeError: Error #1125: The index 3 is out of range 3.

Actual:

    #0 0x000a985f in avmplus::ListImpl<float4_t, avmplus::DataListHelper<float4_t, 16ul> >::length (this=0x30) at avmplusList-inlines.h:467
    #1 0x001517aa in avmplus::TypedVectorObject<avmplus::DataList<float4_t, 16ul> >::checkReadIndex_u (this=0x0, index=3) at VectorClass-inlines.h:284
    #2 0x001517f7 in avmplus::TypedVectorObject<avmplus::DataList<float4_t, 16ul> >::_getFloat4UintProperty (this=0x0, result=0x11df4b8, index=3) at VectorClass-impl.h:544
    #3 0x011fba16 in ?? ()
    #4 0x000f6a1a in avmplus::BaseExecMgr::endCoerce (env=0x11d61a0, argc=0, ap=0xbfffe9f0, ms=0x109b980) at ../core/exec.cpp:885
    #5 0x000f7c73 in avmplus::BaseExecMgr::invokeGeneric (env=0x11d61a0, argc=0, atomv=0xbfffebf0) at ../core/exec.cpp:1086
    ... ...
Flags: in-testsuite?
Flags: flashplayer-triage+
Flags: flashplayer-qrb+
Flags: flashplayer-bug-
Updated•13 years ago
Assignee: nobody → virgilp
Priority: -- → P1
Target Milestone: --- → Q2 12 - Cyril
Assignee
Comment 1•13 years ago
Wow, that was a scary bug (wrong calling convention on vector getters, for float4; only worked in regular cases because the helpers are not typically called). Fixed in changeset 7040:b73cb9de7c93.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Reporter
Comment 2•13 years ago
Testmedia added:

    changeset: 7041:0f24de2c043b
    tag: tip
    user: Brent Baker <brbaker@adobe.com>
    date: Wed Dec 07 06:35:49 2011 -0500
    summary: Bug 707997: testmedia for Vector.<float4> access beyond vector length
Status: RESOLVED → VERIFIED
Flags: in-testsuite? → in-testsuite+