[webkit-changes] [125947] trunk/Source/WebCore

Fri, 17 Aug 2012 16:35:04 -0700

Title: [125947] trunk/Source/WebCore
Revision
125947
Author
commit-qu...@webkit.org
Date
2012-08-17 16:35:22 -0700 (Fri, 17 Aug 2012)

Log Message

[V8] use checkInboundData in setWebGLArrayHelper
https://bugs.webkit.org/show_bug.cgi?id=93051

Patch by Arnaud Renevier <a.renev...@sisa.samsung.com> on 2012-08-17
Reviewed by Kenneth Russell.

Use TypedArray method checkInboundData in setWebGLArrayHelper instead
of performing the computation manually.

No new tests. This patch doesn't change behavior.

* bindings/v8/custom/V8ArrayBufferViewCustom.h:
(WebCore::setWebGLArrayHelper):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (125946 => 125947)


--- trunk/Source/WebCore/ChangeLog	2012-08-17 23:27:45 UTC (rev 125946)
+++ trunk/Source/WebCore/ChangeLog	2012-08-17 23:35:22 UTC (rev 125947)
@@ -1,3 +1,18 @@
+2012-08-17  Arnaud Renevier  <a.renev...@sisa.samsung.com>
+
+        [V8] use checkInboundData in setWebGLArrayHelper
+        https://bugs.webkit.org/show_bug.cgi?id=93051
+
+        Reviewed by Kenneth Russell.
+
+        Use TypedArray method checkInboundData in setWebGLArrayHelper instead
+        of performing the computation manually.
+
+        No new tests. This patch doesn't change behavior.
+
+        * bindings/v8/custom/V8ArrayBufferViewCustom.h:
+        (WebCore::setWebGLArrayHelper):
+
 2012-08-17  Alexey Proskuryakov  <a...@apple.com>
 
         REGRESSION (r125912): Crashes in worker tests

Modified: trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h (125946 => 125947)


--- trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h	2012-08-17 23:27:45 UTC (rev 125946)
+++ trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h	2012-08-17 23:35:22 UTC (rev 125947)
@@ -227,12 +227,8 @@
         if (args.Length() == 2)
             offset = toUInt32(args[1]);
         uint32_t length = toUInt32(array->Get(v8::String::New("length")));
-        if (offset > impl->length()
-            || offset + length > impl->length()
-            || offset + length < offset) {
-            // Out of range offset or overflow
+        if (!impl->checkInboundData(offset, length))
             return throwError(RangeError, outOfRangeLengthAndOffset, args.GetIsolate());
-        }
         bool copied = copyElements(args.Holder(), array, length, offset, args.GetIsolate());
         if (!copied) {
             for (uint32_t i = 0; i < length; i++)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to