Issue 923688

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Mac
Pri: 2
Type: Bug



Missing V8 macro parameter results in message "RangeError: Invalid DataView length undefined"

Reported by tshin...@gmail.com, Jan 20 (3 days ago)

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce the problem:
1. Debug console
2. t = new Uint8Array([1,2,3,4,5,6,7,8])
3. d = new DataView(t.buffer, 8, 1)
produces "RangeError: Invalid DataView length undefined"
4. d = new DataView(t.buffer, 7, -1)
produces "RangeError: Invalid DataView length -1"

What is the expected behavior?
The first error should display the faulty length argument in the same way the second error displays "-1".

What went wrong?
The message of interest is 
  T(InvalidDataViewLength, "Invalid DataView length %")
found at 
  https://github.com/nodejs/node/blob/master/deps/v8/src/messages.h#L555
and is referenced using kInvalidDataViewLength.

The code stanza at
  https://github.com/v8/v8/blob/515d3400d1eda3cb6c06b6bced0e4435d3138b52/src/builtins/builtins-dataview.cc#L75
has two invocations of a RangeError for message kInvalidDataViewLength.

The first macro ASSIGN_RETURN_FAILURE_ON_EXCEPTION() includes the argument "view_byte_length" in the message. This produces the example "Invalid DataView length -1".

The second macro THROW_NEW_ERROR_RETURN_FAILURE() does *not* include an argument value. This produces the example "Invalid DataView length undefined".

The absence of a macro argument when using a message containing "%s"
causes 'undefined' to appear instead of something useful.

Other instances of THROW_NEW_ERROR_RETURN_FAILURE() for other messages do include an argument, such as 
  https://github.com/v8/v8/blob/515d3400d1eda3cb6c06b6bced0e4435d3138b52/src/builtins/builtins-dataview.cc#L58
with message
  T(InvalidOffset, "Start offset % is outside the bounds of the buffer")
and 
  https://github.com/v8/v8/blob/f5ff863f25ff5f5b3b5f393b7b33a250e0014e3b/src/objects/js-relative-time-format.cc#L343
with message
  T(InvalidUnit, "Invalid unit argument for %() '%'")

Did this work before? No 

Chrome version: 71.0.3578.98  Channel: stable
OS Version: 10.0
Flash Version: 

Same results when tested with canary Version 73.0.3677.1 (Official Build) canary-dcheck (32-bit) and with Node 11.6.0
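
The mechanism described in the report above, as an added example that is not part of the original issue and is not V8's code: a simplified model of "%"-placeholder templates showing how a missing argument renders as "undefined", plus a check that flags call sites passing too few arguments. The template strings are the ones quoted in the report; the function names, call-site labels and sample argument values are constructed assumptions.

```javascript
// Simplified model of "%"-placeholder message templates (NOT V8's implementation).
// Template strings are quoted in the report; every function name is hypothetical.
const TEMPLATES = {
  InvalidDataViewLength: "Invalid DataView length %",
  InvalidOffset: "Start offset % is outside the bounds of the buffer",
  InvalidUnit: "Invalid unit argument for %() '%'",
};

// Number of "%" placeholders a template expects to have filled.
function countPlaceholders(template) {
  return (template.match(/%/g) || []).length;
}

// Substitute each "%" with the next argument. A missing argument is the
// JavaScript value undefined, so it renders as the text "undefined".
function formatMessage(name, args = []) {
  let i = 0;
  return TEMPLATES[name].replace(/%/g, () => String(args[i++]));
}

// Flag call sites that pass fewer arguments than the template has placeholders.
function auditCallSites(sites) {
  return sites
    .map((s) => ({ ...s, expected: countPlaceholders(TEMPLATES[s.template]) }))
    .filter((s) => s.args.length < s.expected)
    .map((s) =>
      `${s.where}: ${s.template} expects ${s.expected} argument(s), got ${s.args.length}`);
}

// Constructed call sites mirroring the cases the report describes.
const SITES = [
  { where: "length check 1", template: "InvalidDataViewLength", args: [-1] },
  { where: "length check 2", template: "InvalidDataViewLength", args: [] },
  { where: "offset check", template: "InvalidOffset", args: [9] },
  { where: "unit check", template: "InvalidUnit", args: ["format", "eon"] },
];

for (const s of SITES) console.log(formatMessage(s.template, s.args));
for (const finding of auditCallSites(SITES)) console.log("MISSING ARG ->", finding);
```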
 

Comment 1 by susan.boorgula@chromium.org, Jan 20 (2 days ago)

Labels: Needs-Triage-M71

Comment 2 by susan.boorgula@chromium.org, Today (17 hours ago)

Cc: susan.boorgula@chromium.org
Components: Infra>Client>V8
Labels: Triaged-ET Target-73 M-73 FoundIn-71 FoundIn-73 FoundIn-72 OS-Linux OS-Mac
Status: Untriaged (was: Unconfirmed)
tshinnic@ Thanks for the issue.

Able to reproduce this issue on Windows 10, Ubuntu 17.10 on the latest Stable 71.0.3578.98 and latest Canary 73.0.3680.0.
Attached is the screenshot for reference.

This is a Non-Regression issue as this behavior is observed from M-60 Chrome builds.
Hence marking this as Untriaged for further updates from Dev.

Thanks.
Attachment: 923688-M60.PNG (55.0 KB)

Comment 3 by serg...@chromium.org, Today (13 hours ago)

Components: -Blink -Infra>Client>V8 Blink>JavaScript
Infra>Client>V8 is the component for V8-related development infrastructure. This is a product related issue. Moving to Blink>JavaScript.
