Diff
Modified: trunk/LayoutTests/ChangeLog (91802 => 91803)
--- trunk/LayoutTests/ChangeLog 2011-07-27 00:25:06 UTC (rev 91802)
+++ trunk/LayoutTests/ChangeLog 2011-07-27 00:53:33 UTC (rev 91803)
@@ -1,3 +1,13 @@
+2011-07-26 Kenneth Russell <[email protected]>
+
+ Float32Array(ArrayBuffer, index, length) constructor working incorrectly.
+ https://bugs.webkit.org/show_bug.cgi?id=57042
+
+ Reviewed by James Robinson.
+
+ * fast/canvas/webgl/array-unit-tests-expected.txt:
+ * fast/canvas/webgl/array-unit-tests.html:
+
2011-07-26 Adrienne Walker <[email protected]>
[chromium] Check in expectations for font-family-pictograph.
Modified: trunk/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt (91802 => 91803)
--- trunk/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt 2011-07-27 00:25:06 UTC (rev 91802)
+++ trunk/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt 2011-07-27 00:53:33 UTC (rev 91803)
@@ -21,7 +21,8 @@
PASS Construction of Float32Array with null buffer threw exception
PASS Construction of Float32Array with (null buffer, 0) threw exception
PASS Construction of Float32Array with (null buffer, 0, 0) threw exception
-PASS Construction of Float32Array with out-of-range values threw an exception
+PASS Construction of Float32Array with out-of-range number of elements threw an exception
+PASS Construction of Float32Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Float32Array with negative size threw exception
PASS Construction of Float32Array with negative out-of-range values threw an exception
@@ -29,6 +30,7 @@
PASS Construction of Float32Array with unaligned length threw an exception
PASS Construction of huge Float32Array threw exception
PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Float32Array(new ArrayBuffer(18), 0, 2) succeeded
Testing subarray of Float32Array
PASS array.length is 32 / typeSize
PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -65,7 +67,8 @@
PASS Construction of Float64Array with null buffer threw exception
PASS Construction of Float64Array with (null buffer, 0) threw exception
PASS Construction of Float64Array with (null buffer, 0, 0) threw exception
-PASS Construction of Float64Array with out-of-range values threw an exception
+PASS Construction of Float64Array with out-of-range number of elements threw an exception
+PASS Construction of Float64Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Float64Array with negative size threw exception
PASS Construction of Float64Array with negative out-of-range values threw an exception
@@ -73,6 +76,7 @@
PASS Construction of Float64Array with unaligned length threw an exception
PASS Construction of huge Float64Array threw exception
PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Float64Array(new ArrayBuffer(36), 0, 2) succeeded
Testing subarray of Float64Array
PASS array.length is 32 / typeSize
PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -110,7 +114,8 @@
PASS Construction of Int8Array with null buffer threw exception
PASS Construction of Int8Array with (null buffer, 0) threw exception
PASS Construction of Int8Array with (null buffer, 0, 0) threw exception
-PASS Construction of Int8Array with out-of-range values threw an exception
+PASS Construction of Int8Array with out-of-range number of elements threw an exception
+PASS Construction of Int8Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Int8Array with negative size threw exception
PASS Construction of Int8Array with negative out-of-range values threw an exception
@@ -151,7 +156,8 @@
PASS Construction of Int16Array with null buffer threw exception
PASS Construction of Int16Array with (null buffer, 0) threw exception
PASS Construction of Int16Array with (null buffer, 0, 0) threw exception
-PASS Construction of Int16Array with out-of-range values threw an exception
+PASS Construction of Int16Array with out-of-range number of elements threw an exception
+PASS Construction of Int16Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Int16Array with negative size threw exception
PASS Construction of Int16Array with negative out-of-range values threw an exception
@@ -159,6 +165,7 @@
PASS Construction of Int16Array with unaligned length threw an exception
PASS Construction of huge Int16Array threw exception
PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Int16Array(new ArrayBuffer(9), 0, 2) succeeded
Testing subarray of Int16Array
PASS array.length is 32 / typeSize
PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -196,7 +203,8 @@
PASS Construction of Int32Array with null buffer threw exception
PASS Construction of Int32Array with (null buffer, 0) threw exception
PASS Construction of Int32Array with (null buffer, 0, 0) threw exception
-PASS Construction of Int32Array with out-of-range values threw an exception
+PASS Construction of Int32Array with out-of-range number of elements threw an exception
+PASS Construction of Int32Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Int32Array with negative size threw exception
PASS Construction of Int32Array with negative out-of-range values threw an exception
@@ -204,6 +212,7 @@
PASS Construction of Int32Array with unaligned length threw an exception
PASS Construction of huge Int32Array threw exception
PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Int32Array(new ArrayBuffer(18), 0, 2) succeeded
Testing subarray of Int32Array
PASS array.length is 32 / typeSize
PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -241,7 +250,8 @@
PASS Construction of Uint8Array with null buffer threw exception
PASS Construction of Uint8Array with (null buffer, 0) threw exception
PASS Construction of Uint8Array with (null buffer, 0, 0) threw exception
-PASS Construction of Uint8Array with out-of-range values threw an exception
+PASS Construction of Uint8Array with out-of-range number of elements threw an exception
+PASS Construction of Uint8Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Uint8Array with negative size threw exception
PASS Construction of Uint8Array with negative out-of-range values threw an exception
@@ -282,7 +292,8 @@
PASS Construction of Uint16Array with null buffer threw exception
PASS Construction of Uint16Array with (null buffer, 0) threw exception
PASS Construction of Uint16Array with (null buffer, 0, 0) threw exception
-PASS Construction of Uint16Array with out-of-range values threw an exception
+PASS Construction of Uint16Array with out-of-range number of elements threw an exception
+PASS Construction of Uint16Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Uint16Array with negative size threw exception
PASS Construction of Uint16Array with negative out-of-range values threw an exception
@@ -290,6 +301,7 @@
PASS Construction of Uint16Array with unaligned length threw an exception
PASS Construction of huge Uint16Array threw exception
PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Uint16Array(new ArrayBuffer(9), 0, 2) succeeded
Testing subarray of Uint16Array
PASS array.length is 32 / typeSize
PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -327,7 +339,8 @@
PASS Construction of Uint32Array with null buffer threw exception
PASS Construction of Uint32Array with (null buffer, 0) threw exception
PASS Construction of Uint32Array with (null buffer, 0, 0) threw exception
-PASS Construction of Uint32Array with out-of-range values threw an exception
+PASS Construction of Uint32Array with out-of-range number of elements threw an exception
+PASS Construction of Uint32Array with out-of-range offset threw an exception
PASS Construction of ArrayBuffer with negative size threw exception
PASS Construction of Uint32Array with negative size threw exception
PASS Construction of Uint32Array with negative out-of-range values threw an exception
@@ -335,6 +348,7 @@
PASS Construction of Uint32Array with unaligned length threw an exception
PASS Construction of huge Uint32Array threw exception
PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Uint32Array(new ArrayBuffer(18), 0, 2) succeeded
Testing subarray of Uint32Array
PASS array.length is 32 / typeSize
PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
Modified: trunk/LayoutTests/fast/canvas/webgl/array-unit-tests.html (91802 => 91803)
--- trunk/LayoutTests/fast/canvas/webgl/array-unit-tests.html 2011-07-27 00:25:06 UTC (rev 91802)
+++ trunk/LayoutTests/fast/canvas/webgl/array-unit-tests.html 2011-07-27 00:53:33 UTC (rev 91803)
@@ -480,7 +480,11 @@
shouldThrowIndexSizeErr(function() {
var buffer = new ArrayBuffer(4);
var array = new type(buffer, 4, 0x3FFFFFFF);
- }, "Construction of " + name + " with out-of-range values");
+ }, "Construction of " + name + " with out-of-range number of elements");
+ shouldThrowIndexSizeErr(function() {
+ var buffer = new ArrayBuffer(4);
+ var array = new type(buffer, 8);
+ }, "Construction of " + name + " with out-of-range offset");
}
function testConstructionWithNegativeOutOfRangeValues(type, name) {
@@ -545,6 +549,21 @@
}
}
+function testConstructionWithSubPortionOfArrayBuffer(type, name, elementSizeInBytes) {
+ if (elementSizeInBytes > 1) {
+ // Test construction with a valid sub-portion of an array buffer
+ // (whose size is not an integral multiple of the element size).
+ var size = 4 * elementSizeInBytes + (elementSizeInBytes / 2);
+ var buf = new ArrayBuffer(size);
+ try {
+ var array = new type(buf, 0, 2);
+ testPassed("new " + name + "(new ArrayBuffer(" + size + "), 0, 2) succeeded");
+ } catch (e) {
+ testFailed("new " + name + "(new ArrayBuffer(" + size + "), 0, 2) failed: " + e);
+ }
+ }
+}
+
// These need to be global for shouldBe to see them
var array;
var typeSize;
@@ -849,6 +868,7 @@
testConstructionWithUnalignedLength(type, name, testCase.elementSizeInBytes);
testConstructionOfHugeArray(type, name, testCase.elementSizeInBytes);
testConstructionWithBothArrayBufferAndLength(type, name, testCase.elementSizeInBytes);
+ testConstructionWithSubPortionOfArrayBuffer(type, name, testCase.elementSizeInBytes);
testSubarrayWithOutOfRangeValues(type, name, testCase.elementSizeInBytes);
testSubarrayWithDefaultValues(type, name, testCase.elementSizeInBytes);
testSettingFromArrayWithOutOfRangeOffset(type, name);
Modified: trunk/Source/WebCore/ChangeLog (91802 => 91803)
--- trunk/Source/WebCore/ChangeLog 2011-07-27 00:25:06 UTC (rev 91802)
+++ trunk/Source/WebCore/ChangeLog 2011-07-27 00:53:33 UTC (rev 91803)
@@ -1,3 +1,15 @@
+2011-07-26 Kenneth Russell <[email protected]>
+
+ Float32Array(ArrayBuffer, index, length) constructor working incorrectly.
+ https://bugs.webkit.org/show_bug.cgi?id=57042
+
+ Reviewed by James Robinson.
+
+ * bindings/js/JSArrayBufferViewHelper.h:
+ (WebCore::constructArrayBufferViewWithArrayBufferArgument):
+ * bindings/v8/custom/V8ArrayBufferViewCustom.h:
+ (WebCore::constructWebGLArrayWithArrayBufferArgument):
+
2011-07-26 Chris Rogers <[email protected]>
V8 custom bindings for AudioNode must do proper object checking and throw exception in case of error
Modified: trunk/Source/WebCore/bindings/js/JSArrayBufferViewHelper.h (91802 => 91803)
--- trunk/Source/WebCore/bindings/js/JSArrayBufferViewHelper.h 2011-07-27 00:25:06 UTC (rev 91802)
+++ trunk/Source/WebCore/bindings/js/JSArrayBufferViewHelper.h 2011-07-27 00:53:33 UTC (rev 91803)
@@ -93,11 +93,16 @@
return 0;
unsigned offset = (exec->argumentCount() > 1) ? exec->argument(1).toUInt32(exec) : 0;
- if ((buffer->byteLength() - offset) % sizeof(T))
- throwError(exec, createRangeError(exec, "ArrayBuffer length minus the byteOffset is not a multiple of the element size."));
- unsigned int length = (buffer->byteLength() - offset) / sizeof(T);
+ unsigned int length = 0;
if (exec->argumentCount() > 2)
length = exec->argument(2).toUInt32(exec);
+ else {
+ if ((buffer->byteLength() - offset) % sizeof(T)) {
+ throwError(exec, createRangeError(exec, "ArrayBuffer length minus the byteOffset is not a multiple of the element size."));
+ return 0;
+ }
+ length = (buffer->byteLength() - offset) / sizeof(T);
+ }
RefPtr<C> array = C::create(buffer, offset, length);
if (!array)
setDOMException(exec, INDEX_SIZE_ERR);
Modified: trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h (91802 => 91803)
--- trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h 2011-07-27 00:25:06 UTC (rev 91802)
+++ trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h 2011-07-27 00:53:33 UTC (rev 91803)
@@ -54,15 +54,16 @@
if (!ok)
return throwError("Could not convert argument 1 to a number");
}
- if ((buf->byteLength() - offset) % sizeof(ElementType))
- return throwError("ArrayBuffer length minus the byteOffset is not a multiple of the element size.", V8Proxy::RangeError);
- uint32_t length = (buf->byteLength() - offset) / sizeof(ElementType);
+ uint32_t length = 0;
if (argLen > 2) {
length = toUInt32(args[2], ok);
if (!ok)
return throwError("Could not convert argument 2 to a number");
+ } else {
+ if ((buf->byteLength() - offset) % sizeof(ElementType))
+ return throwError("ArrayBuffer length minus the byteOffset is not a multiple of the element size.", V8Proxy::RangeError);
+ length = (buf->byteLength() - offset) / sizeof(ElementType);
}
-
RefPtr<ArrayClass> array = ArrayClass::create(buf, offset, length);
if (!array) {
V8Proxy::setDOMException(INDEX_SIZE_ERR);
