[Public WebGL] Negative bufferSubData() offset crash chrome

Subject: [Public WebGL] Negative bufferSubData() offset crash chrome

Date: Tue, 1 Feb 2011 10:36:08 +0200

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:from:date:message-id:subject:to :content-type; bh=aHWqaC9goz8foL0DBb1U47xPiMb3AXGLmxcYWy8aFjk=; b=abzPVV6toafvRMgxXlghqIQMKiujo+c/6T//tFLMQI2UJw68eEXwJjR1eCA92mstvx eOYrvELH7u1W4cuc6XxbpwAyjHq2LShORv1oBOpsmf7+bjm9i1vz9UGryPaVhFmm57Vj Oq8tPXkBaKLghQ0DumvjoHqP6lOLK02C/52sI=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=Yf1VUjTC9xBVoi4qrSmDhhsHChFbbvtSlm+Xg3tovbWgFcGO7vFx9ldkaVhyGQKhY3 4ayP7sKTw6TpnoRJRpUAU9G/OXYXQyc7paAlNXhcckhBuXDOxvMDTajXtmgv5tx2ROie 2vAq/b/wAod5bYe4O8+FQxNY85rHcu1bnSSB8=

List-id: Public WebGL Mailing List <public_webgl.khronos.org>

Sender: owner-public_webgl@khronos.org

This little bit of code:

function crash() {
    buf = gl.createBuffer();
    gl.bindBuffer(gl.ELEMENT_ARRAY_BUFFER, buf);
    gl.bufferData(gl.ELEMENT_ARRAY_BUFFER, 16, gl.DYNAMIC_DRAW);
    gl.bufferSubData(gl.ELEMENT_ARRAY_BUFFER, -20, new Uint16Array([1,2,3,4]));
}

seem to crash chrome tab in about 1 out of 3 tries on average.
After a few such crashes webgl stops working altogether but restarting the chrome from scratch starts a clean slate.
using chrome 9.0.597.83 on Windows Vista 32bit with an nVidia card
filed a bug here

Haven't checked firefox yet since for some reason WebGL doesn't work for me there as of yesterday.