Date:      Tue, 28 Sep 2021 14:45:08 +0000
From:      bugzilla-noreply@freebsd.org
To:        chromium@FreeBSD.org
Subject:   maintainer-feedback requested: [Bug 258762] www/chromium:  Serious typed array initialization problem 92.0.4515.159 (Official Build) (64-bit)
Message-ID:  <bug-258762-28929-0woLUn3Ndo@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-258762-28929@https.bugs.freebsd.org/bugzilla/>
References:  <bug-258762-28929@https.bugs.freebsd.org/bugzilla/>

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-chromium (Nobody)
<chromium@FreeBSD.org> for maintainer-feedback:
Bug 258762: www/chromium:  Serious typed array initialization problem
92.0.4515.159 (Official Build) (64-bit)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258762



--- Description ---
Typed arrays are being initialized filled with garbage, not zeros.

For example:

var r = new Int32Array(38);
r
Int32Array(38) [-399179776, -1610579712, 399179775, 1610579711, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0]


See attached html file with javascript within for a test case.

To reproduce the bug, open Chromium, then open devtools.  Load the attached
HTML page.  It will give you instructions, which boil down to executing the
above two commands, then refreshing the page and repeating until you find that
the array "r" was initialized with garbage.

This is a show-stopping bug:  My company's complex javascript application
completely fails to run because its data arrays get corrupted as above.
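
A scripted version of the manual check described above, as an added example that is not part of the original report or its attached test case: it allocates fresh typed arrays repeatedly and reports any that are not zero-filled, which ECMAScript requires of `new Int32Array(n)`. The function names, the extra array types, the lengths other than 38 and the round count are assumptions chosen for illustration.

```javascript
// Added example: verify that freshly constructed typed arrays are zero-filled.
// Names, lengths (other than 38) and round counts are illustrative assumptions.
const TYPES = [Int8Array, Uint8Array, Int16Array, Uint16Array,
               Int32Array, Uint32Array, Float32Array, Float64Array];

// Return [index, value] pairs for every element that is not +0.
// NaN and -0 are reported too, since both mean the backing bytes are non-zero.
function findNonZero(view) {
  const bad = [];
  for (let i = 0; i < view.length; i++) {
    if (view[i] !== 0 || Object.is(view[i], -0)) bad.push([i, view[i]]);
  }
  return bad;
}

// Allocate a fresh array of every type and length, `rounds` times over,
// because the report says the garbage only shows up on some attempts.
function scanFreshArrays(lengths = [38, 1024, 4096], rounds = 100) {
  const failures = [];
  for (let round = 0; round < rounds; round++) {
    for (const Type of TYPES) {
      for (const len of lengths) {
        const bad = findNonZero(new Type(len));
        if (bad.length > 0) {
          // Keep only the first few offending elements to bound the report.
          failures.push({ type: Type.name, length: len, round,
                          count: bad.length, first: bad.slice(0, 4) });
        }
      }
    }
  }
  return failures;
}

// Run once and summarize; works in a devtools console or under Node.
const failures = scanFreshArrays();
if (failures.length === 0) {
  console.log("all fresh typed arrays were zero-filled");
} else {
  console.log(failures.length + " allocation(s) contained non-zero data");
  for (const f of failures.slice(0, 10)) console.log(JSON.stringify(f));
}
```

An empty result does not prove the build is unaffected, since the report describes the failure as intermittent across page reloads; a non-empty result is conclusive.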


