new Int32Array(new ArrayBuffer(100), 1, 1) shouldn't throw an error that says "RangeE...
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Jul 2014 00:26:19 +0000 (00:26 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Jul 2014 00:26:19 +0000 (00:26 +0000)
commit 016af1e6ddffb6b19ebf14c7bbce89df68356350
tree c50d45c324f82dcb44440ac0b9ca6a23f93d8228
parent 470b132d3a16ae41198c73851a828933892dec1e
new Int32Array(new ArrayBuffer(100), 1, 1) shouldn't throw an error that says "RangeError: Byte offset and length out of range of buffer"
https://bugs.webkit.org/show_bug.cgi?id=125391

Patch by Diego Pino Garcia <dpino@igalia.com> on 2014-07-21
Reviewed by Darin Adler.

Source/JavaScriptCore:
Create own method for verifying byte offset alignment.

* runtime/ArrayBufferView.h:
(JSC::ArrayBufferView::verifyByteOffsetAlignment):
(JSC::ArrayBufferView::verifySubRangeLength):
(JSC::ArrayBufferView::verifySubRange): Deleted.
* runtime/GenericTypedArrayViewInlines.h:
(JSC::GenericTypedArrayView<Adaptor>::create):
* runtime/JSDataView.cpp:
(JSC::JSDataView::create):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::create):

LayoutTests:
* fast/canvas/webgl/data-view-crash-expected.txt:
* fast/canvas/webgl/data-view-test-expected.txt:
* fast/canvas/webgl/data-view-test.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171323 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/canvas/webgl/data-view-crash-expected.txt
LayoutTests/fast/canvas/webgl/data-view-test-expected.txt
LayoutTests/fast/canvas/webgl/data-view-test.html
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/ArrayBufferView.h
Source/JavaScriptCore/runtime/GenericTypedArrayViewInlines.h
Source/JavaScriptCore/runtime/JSDataView.cpp
Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h
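
The commit message above separates the byte-offset alignment check from the sub-range length check, so a misaligned offset is no longer reported as "out of range of buffer". The following JavaScript model is an added illustration, not WebKit's C++ code: the names `verifyByteOffsetAlignment` and `verifySubRangeLength` come from the ChangeLog, while their bodies, `classifyViewArgs`, `engineOutcome`, `compareWithEngine` and the sample cases are assumptions constructed for this example.

```javascript
// Model of the two checks as separate predicates (bodies are assumptions).
function verifyByteOffsetAlignment(byteOffset, elementSize) {
  return byteOffset % elementSize === 0;
}

// Uses subtraction and division instead of byteOffset + length * elementSize,
// so the same logic stays correct with fixed-width unsigned integers in native code.
function verifySubRangeLength(bufferByteLength, byteOffset, length, elementSize) {
  if (byteOffset > bufferByteLength) return false;
  const remaining = bufferByteLength - byteOffset;
  return length <= Math.floor(remaining / elementSize);
}

// Reports which check rejected the arguments, so each failure gets its own diagnosis.
function classifyViewArgs(bufferByteLength, byteOffset, length, elementSize) {
  for (const v of [byteOffset, length]) {
    if (!Number.isSafeInteger(v) || v < 0) return "invalid-argument";
  }
  if (!verifyByteOffsetAlignment(byteOffset, elementSize)) return "misaligned-offset";
  if (!verifySubRangeLength(bufferByteLength, byteOffset, length, elementSize)) return "out-of-range";
  return "ok";
}

// What the host engine does with the same arguments: "ok" or the thrown error's name.
function engineOutcome(Ctor, bufferByteLength, byteOffset, length) {
  try {
    new Ctor(new ArrayBuffer(bufferByteLength), byteOffset, length);
    return "ok";
  } catch (e) {
    return e.name;
  }
}

// Constructed cases: [bufferByteLength, byteOffset, length]
const CASES = [[100, 1, 1], [100, 0, 26], [100, 104, 0], [100, 96, 1]];

function compareWithEngine() {
  return CASES.map(([buf, off, len]) => ({
    args: [buf, off, len],
    model: classifyViewArgs(buf, off, len, Int32Array.BYTES_PER_ELEMENT),
    engine: engineOutcome(Int32Array, buf, off, len),
  }));
}

for (const row of compareWithEngine()) console.log(JSON.stringify(row));
```

The engine throws a `RangeError` for both rejection kinds; only the message text distinguishes them, which is why the separate alignment check matters for diagnosis.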