[webkit-changes] [91889] branches/chromium/835

Wed, 27 Jul 2011 18:28:04 -0700

Title: [91889] branches/chromium/835
Revision
91889
Author
[email protected]
Date
2011-07-27 18:27:55 -0700 (Wed, 27 Jul 2011)

Log Message

Merge 91803 - Float32Array(ArrayBuffer, index, length) constructor working incorrectly.
https://bugs.webkit.org/show_bug.cgi?id=57042

Reviewed by James Robinson.

Source/WebCore: 

* bindings/js/JSArrayBufferViewHelper.h:
(WebCore::constructArrayBufferViewWithArrayBufferArgument):
* bindings/v8/custom/V8ArrayBufferViewCustom.h:
(WebCore::constructWebGLArrayWithArrayBufferArgument):

LayoutTests: 

* fast/canvas/webgl/array-unit-tests-expected.txt:
* fast/canvas/webgl/array-unit-tests.html:


[email protected]
Review URL: http://codereview.chromium.org/7523024

Modified Paths

Diff

Modified: branches/chromium/835/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt (91888 => 91889)


--- branches/chromium/835/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt	2011-07-28 01:24:43 UTC (rev 91888)
+++ branches/chromium/835/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt	2011-07-28 01:27:55 UTC (rev 91889)
@@ -21,7 +21,8 @@
 PASS Construction of Float32Array with null buffer threw exception
 PASS Construction of Float32Array with (null buffer, 0) threw exception
 PASS Construction of Float32Array with (null buffer, 0, 0) threw exception
-PASS Construction of Float32Array with out-of-range values threw an exception
+PASS Construction of Float32Array with out-of-range number of elements threw an exception
+PASS Construction of Float32Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Float32Array with negative size threw exception
 PASS Construction of Float32Array with negative out-of-range values threw an exception
@@ -29,6 +30,7 @@
 PASS Construction of Float32Array with unaligned length threw an exception
 PASS Construction of huge Float32Array threw exception
 PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Float32Array(new ArrayBuffer(18), 0, 2) succeeded
 Testing subarray of Float32Array
 PASS array.length is 32 / typeSize
 PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -65,7 +67,8 @@
 PASS Construction of Float64Array with null buffer threw exception
 PASS Construction of Float64Array with (null buffer, 0) threw exception
 PASS Construction of Float64Array with (null buffer, 0, 0) threw exception
-PASS Construction of Float64Array with out-of-range values threw an exception
+PASS Construction of Float64Array with out-of-range number of elements threw an exception
+PASS Construction of Float64Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Float64Array with negative size threw exception
 PASS Construction of Float64Array with negative out-of-range values threw an exception
@@ -73,6 +76,7 @@
 PASS Construction of Float64Array with unaligned length threw an exception
 PASS Construction of huge Float64Array threw exception
 PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Float64Array(new ArrayBuffer(36), 0, 2) succeeded
 Testing subarray of Float64Array
 PASS array.length is 32 / typeSize
 PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -110,7 +114,8 @@
 PASS Construction of Int8Array with null buffer threw exception
 PASS Construction of Int8Array with (null buffer, 0) threw exception
 PASS Construction of Int8Array with (null buffer, 0, 0) threw exception
-PASS Construction of Int8Array with out-of-range values threw an exception
+PASS Construction of Int8Array with out-of-range number of elements threw an exception
+PASS Construction of Int8Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Int8Array with negative size threw exception
 PASS Construction of Int8Array with negative out-of-range values threw an exception
@@ -151,7 +156,8 @@
 PASS Construction of Int16Array with null buffer threw exception
 PASS Construction of Int16Array with (null buffer, 0) threw exception
 PASS Construction of Int16Array with (null buffer, 0, 0) threw exception
-PASS Construction of Int16Array with out-of-range values threw an exception
+PASS Construction of Int16Array with out-of-range number of elements threw an exception
+PASS Construction of Int16Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Int16Array with negative size threw exception
 PASS Construction of Int16Array with negative out-of-range values threw an exception
@@ -159,6 +165,7 @@
 PASS Construction of Int16Array with unaligned length threw an exception
 PASS Construction of huge Int16Array threw exception
 PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Int16Array(new ArrayBuffer(9), 0, 2) succeeded
 Testing subarray of Int16Array
 PASS array.length is 32 / typeSize
 PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -196,7 +203,8 @@
 PASS Construction of Int32Array with null buffer threw exception
 PASS Construction of Int32Array with (null buffer, 0) threw exception
 PASS Construction of Int32Array with (null buffer, 0, 0) threw exception
-PASS Construction of Int32Array with out-of-range values threw an exception
+PASS Construction of Int32Array with out-of-range number of elements threw an exception
+PASS Construction of Int32Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Int32Array with negative size threw exception
 PASS Construction of Int32Array with negative out-of-range values threw an exception
@@ -204,6 +212,7 @@
 PASS Construction of Int32Array with unaligned length threw an exception
 PASS Construction of huge Int32Array threw exception
 PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Int32Array(new ArrayBuffer(18), 0, 2) succeeded
 Testing subarray of Int32Array
 PASS array.length is 32 / typeSize
 PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -241,7 +250,8 @@
 PASS Construction of Uint8Array with null buffer threw exception
 PASS Construction of Uint8Array with (null buffer, 0) threw exception
 PASS Construction of Uint8Array with (null buffer, 0, 0) threw exception
-PASS Construction of Uint8Array with out-of-range values threw an exception
+PASS Construction of Uint8Array with out-of-range number of elements threw an exception
+PASS Construction of Uint8Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Uint8Array with negative size threw exception
 PASS Construction of Uint8Array with negative out-of-range values threw an exception
@@ -282,7 +292,8 @@
 PASS Construction of Uint16Array with null buffer threw exception
 PASS Construction of Uint16Array with (null buffer, 0) threw exception
 PASS Construction of Uint16Array with (null buffer, 0, 0) threw exception
-PASS Construction of Uint16Array with out-of-range values threw an exception
+PASS Construction of Uint16Array with out-of-range number of elements threw an exception
+PASS Construction of Uint16Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Uint16Array with negative size threw exception
 PASS Construction of Uint16Array with negative out-of-range values threw an exception
@@ -290,6 +301,7 @@
 PASS Construction of Uint16Array with unaligned length threw an exception
 PASS Construction of huge Uint16Array threw exception
 PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Uint16Array(new ArrayBuffer(9), 0, 2) succeeded
 Testing subarray of Uint16Array
 PASS array.length is 32 / typeSize
 PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4
@@ -327,7 +339,8 @@
 PASS Construction of Uint32Array with null buffer threw exception
 PASS Construction of Uint32Array with (null buffer, 0) threw exception
 PASS Construction of Uint32Array with (null buffer, 0, 0) threw exception
-PASS Construction of Uint32Array with out-of-range values threw an exception
+PASS Construction of Uint32Array with out-of-range number of elements threw an exception
+PASS Construction of Uint32Array with out-of-range offset threw an exception
 PASS Construction of ArrayBuffer with negative size threw exception
 PASS Construction of Uint32Array with negative size threw exception
 PASS Construction of Uint32Array with negative out-of-range values threw an exception
@@ -335,6 +348,7 @@
 PASS Construction of Uint32Array with unaligned length threw an exception
 PASS Construction of huge Uint32Array threw exception
 PASS Array lengths matched with explicit and implicit creation of ArrayBuffer
+PASS new Uint32Array(new ArrayBuffer(18), 0, 2) succeeded
 Testing subarray of Uint32Array
 PASS array.length is 32 / typeSize
 PASS array.subarray(4, 0x3FFFFFFF).length is (32 / typeSize) - 4

Modified: branches/chromium/835/LayoutTests/fast/canvas/webgl/array-unit-tests.html (91888 => 91889)


--- branches/chromium/835/LayoutTests/fast/canvas/webgl/array-unit-tests.html	2011-07-28 01:24:43 UTC (rev 91888)
+++ branches/chromium/835/LayoutTests/fast/canvas/webgl/array-unit-tests.html	2011-07-28 01:27:55 UTC (rev 91889)
@@ -480,7 +480,11 @@
     shouldThrowIndexSizeErr(function() {
         var buffer = new ArrayBuffer(4);
         var array = new type(buffer, 4, 0x3FFFFFFF);
-    }, "Construction of " + name + " with out-of-range values");
+    }, "Construction of " + name + " with out-of-range number of elements");
+    shouldThrowIndexSizeErr(function() {
+        var buffer = new ArrayBuffer(4);
+        var array = new type(buffer, 8);
+    }, "Construction of " + name + " with out-of-range offset");
 }
 
 function testConstructionWithNegativeOutOfRangeValues(type, name) {
@@ -545,6 +549,21 @@
     }
 }
 
+function testConstructionWithSubPortionOfArrayBuffer(type, name, elementSizeInBytes) {
+    if (elementSizeInBytes > 1) {
+        // Test construction with a valid sub-portion of an array buffer
+        // (whose size is not an integral multiple of the element size).
+        var size = 4 * elementSizeInBytes + (elementSizeInBytes / 2);
+        var buf = new ArrayBuffer(size);
+        try {
+            var array = new type(buf, 0, 2);
+            testPassed("new " + name + "(new ArrayBuffer(" + size + "), 0, 2) succeeded");
+        } catch (e) {
+            testFailed("new " + name + "(new ArrayBuffer(" + size + "), 0, 2) failed: " + e);
+        }
+    }
+}
+
 // These need to be global for shouldBe to see them
 var array;
 var typeSize;
@@ -849,6 +868,7 @@
     testConstructionWithUnalignedLength(type, name, testCase.elementSizeInBytes);
     testConstructionOfHugeArray(type, name, testCase.elementSizeInBytes);
     testConstructionWithBothArrayBufferAndLength(type, name, testCase.elementSizeInBytes);
+    testConstructionWithSubPortionOfArrayBuffer(type, name, testCase.elementSizeInBytes);
     testSubarrayWithOutOfRangeValues(type, name, testCase.elementSizeInBytes);
     testSubarrayWithDefaultValues(type, name, testCase.elementSizeInBytes);
     testSettingFromArrayWithOutOfRangeOffset(type, name);

Modified: branches/chromium/835/Source/WebCore/bindings/js/JSArrayBufferViewHelper.h (91888 => 91889)


--- branches/chromium/835/Source/WebCore/bindings/js/JSArrayBufferViewHelper.h	2011-07-28 01:24:43 UTC (rev 91888)
+++ branches/chromium/835/Source/WebCore/bindings/js/JSArrayBufferViewHelper.h	2011-07-28 01:27:55 UTC (rev 91889)
@@ -93,11 +93,16 @@
         return 0;
 
     unsigned offset = (exec->argumentCount() > 1) ? exec->argument(1).toUInt32(exec) : 0;
-    if ((buffer->byteLength() - offset) % sizeof(T))
-        throwError(exec, createRangeError(exec, "ArrayBuffer length minus the byteOffset is not a multiple of the element size."));
-    unsigned int length = (buffer->byteLength() - offset) / sizeof(T);
+    unsigned int length = 0;
     if (exec->argumentCount() > 2)
         length = exec->argument(2).toUInt32(exec);
+    else {
+        if ((buffer->byteLength() - offset) % sizeof(T)) {
+            throwError(exec, createRangeError(exec, "ArrayBuffer length minus the byteOffset is not a multiple of the element size."));
+            return 0;
+        }
+        length = (buffer->byteLength() - offset) / sizeof(T);
+    }
     RefPtr<C> array = C::create(buffer, offset, length);
     if (!array)
         setDOMException(exec, INDEX_SIZE_ERR);

Modified: branches/chromium/835/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h (91888 => 91889)


--- branches/chromium/835/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h	2011-07-28 01:24:43 UTC (rev 91888)
+++ branches/chromium/835/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h	2011-07-28 01:27:55 UTC (rev 91889)
@@ -54,15 +54,16 @@
         if (!ok)
             return throwError("Could not convert argument 1 to a number");
     }
-    if ((buf->byteLength() - offset) % sizeof(ElementType))
-        return throwError("ArrayBuffer length minus the byteOffset is not a multiple of the element size.", V8Proxy::RangeError);
-    uint32_t length = (buf->byteLength() - offset) / sizeof(ElementType);
+    uint32_t length = 0;
     if (argLen > 2) {
         length = toUInt32(args[2], ok);
         if (!ok)
             return throwError("Could not convert argument 2 to a number");
+    } else {
+        if ((buf->byteLength() - offset) % sizeof(ElementType))
+            return throwError("ArrayBuffer length minus the byteOffset is not a multiple of the element size.", V8Proxy::RangeError);
+        length = (buf->byteLength() - offset) / sizeof(ElementType);
     }
-
     RefPtr<ArrayClass> array = ArrayClass::create(buf, offset, length);
     if (!array) {
         V8Proxy::setDOMException(INDEX_SIZE_ERR);

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to