Context Navigation

function.cpp

Timestamp:

May 21, 2008, 12:15:01 PM (17 years ago)

Author:

Darin Adler

Message:

JavaScriptCore:

2008-05-21 Darin Adler <Darin Adler>

Reviewed by Anders.

Test: fast/js/arguments-bad-index.html

kjs/function.cpp: (KJS::IndexToNameMap::IndexToNameMap): Use unsigned instead of int. (KJS::IndexToNameMap::isMapped): Use unsigned instead of int, and also use the strict version of the numeric conversion function, since we don't want to allow trailing junk. (KJS::IndexToNameMap::unMap): Ditto. (KJS::IndexToNameMap::operator[]): Ditto.
kjs/function.h: Changed IndexToNameMap::size type from int to unsigned.

LayoutTests:

2008-05-21 Darin Adler <Darin Adler>

Reviewed by Anders.

test for <rdar://problem/5952721> bug in JavaScript arguments object property lookup

File:

-              r33038
+              r33972
   this->size = args.size();
   int i = 0;
+  unsigned i = 0;
   List::const_iterator end = args.end();
   for (List::const_iterator it = args.begin(); it != end; ++i, ++it)
 …
+}
+IndexToNameMap::~IndexToNameMap() {
+IndexToNameMap::~IndexToNameMap()
+{
   delete [] _map;
+}
 …
+{
   bool indexIsNumber;
   int indexAsNumber = index.toUInt32(&indexIsNumber);
+  unsigned indexAsNumber = index.toStrictUInt32(&indexIsNumber);
   if (!indexIsNumber)
 …
+{
   bool indexIsNumber;
   int indexAsNumber = index.toUInt32(&indexIsNumber);
+  unsigned indexAsNumber = index.toStrictUInt32(&indexIsNumber);
   ASSERT(indexIsNumber && indexAsNumber < size);
 …
+}
-Identifier& IndexToNameMap::operator[](int index)
+{
-  return _map[index];
+}
 Identifier& IndexToNameMap::operator[](const Identifier& index)
+{
   bool indexIsNumber;
   int indexAsNumber = index.toUInt32(&indexIsNumber);
+  unsigned indexAsNumber = index.toStrictUInt32(&indexIsNumber);
   ASSERT(indexIsNumber && indexAsNumber < size);
   return (*this)[indexAsNumber];
+  return _map[indexAsNumber];
+}

Note: See TracChangeset for help on using the changeset viewer.