Closed Bug 1133377 Opened 11 years ago Closed 11 years ago

DataView constructor handles explicitly undefined parameters wrong

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
37 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla39
Tracking Flags:
Tracking Status
firefox39 --- fixed

People

(Reporter: punk.song4856, Assigned: jonco)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

bug1133377-data-view-constructor
1.63 KB, patch
sfink
: review+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 Build ID: 20150215004021 Steps to reproduce: var buff = new ArrayBuffer(100); view = new DataView(buff, undefined, undefined); At this moment (Feb 16 2015) the bug is also present in the Nightly build. Actual results: returns DataView { buffer: ArrayBuffer, byteLength: 0, byteOffset: 0 } this is a problem because: function CustomView(buffer, offset, length) { this.theView = new DataView(buffer, offset, length); // ... } so if I use: var view = new CustomView(buffer); it gives me an unusable object. Expected results: should return DataView { buffer: ArrayBuffer, byteLength: 100, byteOffset: 0 }
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Looks to me like DataViewObject::construct is checking args.length() > 2 whereas per spec it should be checking whether args.get(2).isUndefined() is true.
Blocks: es6
Status: UNCONFIRMED → NEW
Ever confirmed: true
As suggested, check whether argument is undefined.
Assignee: nobody → jcoppeard
Attachment #8569984 - Flags: review?(sphink)
Comment on attachment 8569984 [details] [diff] [review] bug1133377-data-view-constructor Review of attachment 8569984 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/vm/TypedArrayObject.cpp @@ +1061,5 @@ > JSMSG_ARG_INDEX_OUT_OF_RANGE, "1"); > return false; > } > > + if (args.length() > 2 && !args[2].isUndefined()) { I'm with bz, I would expect args.get(2).isUndefined() This is a spec change from the original Khronos draft, I think. I don't think the es-discuss people had even settled on variable arg list handling then. (And typed arrays weren't in ES back then anyway.) I wonder if there are more of these lurking.
Attachment #8569984 - Flags: review?(sphink) → review+
https://hg.mozilla.org/mozilla-central/rev/dc1374ca3034
Status: NEW → RESOLVED
Closed: 11 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: