Skip to site navigation (Press enter)

[webkit-changes] [109918] trunk

commit-queue Tue, 06 Mar 2012 07:30:59 -0800

Title: [109918] trunk

Revision: 109918
Author: [email protected]
Date: 2012-03-06 07:30:51 -0800 (Tue, 06 Mar 2012)

Log Message

TypedArray subarray call for subarray does not clamp the end index parameter properly
https://bugs.webkit.org/show_bug.cgi?id=80285


Patch by Ulan Degenbaev <[email protected]> on 2012-03-06
Reviewed by Kenneth Russell.

Source/_javascript_Core:

* wtf/ArrayBufferView.h:
(WTF::ArrayBufferView::calculateOffsetAndLength):

LayoutTests:

* fast/canvas/webgl/array-unit-tests-expected.txt:
* fast/canvas/webgl/array-unit-tests.html:

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt
trunk/LayoutTests/fast/canvas/webgl/array-unit-tests.html
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/wtf/ArrayBufferView.h

Diff

Modified: trunk/LayoutTests/ChangeLog (109917 => 109918)


--- trunk/LayoutTests/ChangeLog	2012-03-06 15:17:00 UTC (rev 109917)
+++ trunk/LayoutTests/ChangeLog	2012-03-06 15:30:51 UTC (rev 109918)
@@ -1,3 +1,13 @@
+2012-03-06  Ulan Degenbaev  <[email protected]>
+
+        TypedArray subarray call for subarray does not clamp the end index parameter properly
+        https://bugs.webkit.org/show_bug.cgi?id=80285
+
+        Reviewed by Kenneth Russell.
+
+        * fast/canvas/webgl/array-unit-tests-expected.txt:
+        * fast/canvas/webgl/array-unit-tests.html:
+
 2012-03-06  Stephen Chenney  <[email protected]>
 
         Update Chromium/SVG expectations after the <use> rewrite

Modified: trunk/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt (109917 => 109918)


--- trunk/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt	2012-03-06 15:17:00 UTC (rev 109917)
+++ trunk/LayoutTests/fast/canvas/webgl/array-unit-tests-expected.txt	2012-03-06 15:30:51 UTC (rev 109918)
@@ -15,6 +15,7 @@
 PASS test Float32Array SetFromArray
 PASS negativeTest Float32Array SetFromArray
 PASS test Float32Array Subarray
+PASS test Float32Array Subarray offset and length clamping
 PASS negativeTest Float32Array Subarray
 PASS test Float32Array SetBoundaryConditions
 PASS test Float32Array ConstructionBoundaryConditions
@@ -69,6 +70,7 @@
 PASS test Float64Array SetFromArray
 PASS negativeTest Float64Array SetFromArray
 PASS test Float64Array Subarray
+PASS test Float64Array Subarray offset and length clamping
 PASS negativeTest Float64Array Subarray
 PASS test Float64Array SetBoundaryConditions
 PASS test Float64Array ConstructionBoundaryConditions
@@ -124,6 +126,7 @@
 PASS test Int8Array SetFromArray
 PASS negativeTest Int8Array SetFromArray
 PASS test Int8Array Subarray
+PASS test Int8Array Subarray offset and length clamping
 PASS negativeTest Int8Array Subarray
 PASS test Int8Array SetBoundaryConditions
 PASS test Int8Array ConstructionBoundaryConditions
@@ -174,6 +177,7 @@
 PASS test Int16Array SetFromArray
 PASS negativeTest Int16Array SetFromArray
 PASS test Int16Array Subarray
+PASS test Int16Array Subarray offset and length clamping
 PASS negativeTest Int16Array Subarray
 PASS test Int16Array SetBoundaryConditions
 PASS test Int16Array ConstructionBoundaryConditions
@@ -229,6 +233,7 @@
 PASS test Int32Array SetFromArray
 PASS negativeTest Int32Array SetFromArray
 PASS test Int32Array Subarray
+PASS test Int32Array Subarray offset and length clamping
 PASS negativeTest Int32Array Subarray
 PASS test Int32Array SetBoundaryConditions
 PASS test Int32Array ConstructionBoundaryConditions
@@ -284,6 +289,7 @@
 PASS test Uint8Array SetFromArray
 PASS negativeTest Uint8Array SetFromArray
 PASS test Uint8Array Subarray
+PASS test Uint8Array Subarray offset and length clamping
 PASS negativeTest Uint8Array Subarray
 PASS test Uint8Array SetBoundaryConditions
 PASS test Uint8Array ConstructionBoundaryConditions
@@ -334,6 +340,7 @@
 PASS test Uint8ClampedArray SetFromArray
 PASS negativeTest Uint8ClampedArray SetFromArray
 PASS test Uint8ClampedArray Subarray
+PASS test Uint8ClampedArray Subarray offset and length clamping
 PASS negativeTest Uint8ClampedArray Subarray
 PASS test Uint8ClampedArray SetBoundaryConditions
 PASS test Uint8ClampedArray ConstructionBoundaryConditions
@@ -384,6 +391,7 @@
 PASS test Uint16Array SetFromArray
 PASS negativeTest Uint16Array SetFromArray
 PASS test Uint16Array Subarray
+PASS test Uint16Array Subarray offset and length clamping
 PASS negativeTest Uint16Array Subarray
 PASS test Uint16Array SetBoundaryConditions
 PASS test Uint16Array ConstructionBoundaryConditions
@@ -439,6 +447,7 @@
 PASS test Uint32Array SetFromArray
 PASS negativeTest Uint32Array SetFromArray
 PASS test Uint32Array Subarray
+PASS test Uint32Array Subarray offset and length clamping
 PASS negativeTest Uint32Array Subarray
 PASS test Uint32Array SetBoundaryConditions
 PASS test Uint32Array ConstructionBoundaryConditions

Modified: trunk/LayoutTests/fast/canvas/webgl/array-unit-tests.html (109917 => 109918)


--- trunk/LayoutTests/fast/canvas/webgl/array-unit-tests.html	2012-03-06 15:17:00 UTC (rev 109917)
+++ trunk/LayoutTests/fast/canvas/webgl/array-unit-tests.html	2012-03-06 15:30:51 UTC (rev 109918)
@@ -454,6 +454,21 @@
   }
 }
 
+function testSubarrayOffsetAndLengthClamping(type, name) {
+  running('test ' + name + ' Subarray offset and length clamping');
+  try {
+    var array = new type([0, 1, 2, 3, 4, 5, 6, 7, 8, 9]);
+    var subarray1 = array.subarray(0, 5);
+    var subarray2 = subarray1.subarray(-2, 10);
+    assertEq('subarray2.length', 2, subarray2.length);
+    assertEq('Element ' + 0, 3, subarray2[0]);
+    assertEq('Element ' + 1, 4, subarray2[1]);
+    pass();
+  } catch (e) {
+    fail(e);
+  }
+}
+
 function negativeTestSubarray(type, name) {
   running('negativeTest ' + name + ' Subarray');
   try {
@@ -990,6 +1005,7 @@
     testSetFromArray(type, name);
     negativeTestSetFromArray(type, name);
     testSubarray(type, name);
+    testSubarrayOffsetAndLengthClamping(type, name);
     negativeTestSubarray(type, name);
     testSetBoundaryConditions(type,
                               name,

Modified: trunk/Source/_javascript_Core/ChangeLog (109917 => 109918)


--- trunk/Source/_javascript_Core/ChangeLog	2012-03-06 15:17:00 UTC (rev 109917)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-03-06 15:30:51 UTC (rev 109918)
@@ -1,3 +1,13 @@
+2012-03-06  Ulan Degenbaev  <[email protected]>
+
+        TypedArray subarray call for subarray does not clamp the end index parameter properly
+        https://bugs.webkit.org/show_bug.cgi?id=80285
+
+        Reviewed by Kenneth Russell.
+
+        * wtf/ArrayBufferView.h:
+        (WTF::ArrayBufferView::calculateOffsetAndLength):
+
 2012-03-06  Sheriff Bot  <[email protected]>
 
         Unreviewed, rolling out r109837.

Modified: trunk/Source/_javascript_Core/wtf/ArrayBufferView.h (109917 => 109918)


--- trunk/Source/_javascript_Core/wtf/ArrayBufferView.h	2012-03-06 15:17:00 UTC (rev 109917)
+++ trunk/Source/_javascript_Core/wtf/ArrayBufferView.h	2012-03-06 15:30:51 UTC (rev 109918)
@@ -186,6 +186,8 @@
         end += arraySize;
     if (end < 0)
         end = 0;
+    if (static_cast<unsigned>(end) > arraySize)
+        end = arraySize;
     if (end < start)
         end = start;
     *offset = static_cast<unsigned>(start);

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes