Context Navigation

array_object.cpp

Timestamp:

Feb 2, 2004, 5:18:18 PM (21 years ago)

Author:

darin

Message:

Reviewed by Maciej.

fixed <rdar://problem/3546613>: array of negative size leads to crash (test page at oscar.the-rileys.net)

kjs/array_object.cpp: (ArrayInstanceImp::ArrayInstanceImp): If the length is greater than 10,000, don't allocate an array until we start putting values in. This prevents new Array(2147483647) from causing trouble. (ArrayObjectImp::construct): Check number as described in specification, and raise a range error if the number is out of range. This prevents new Array(-1) from causing trouble.

fixed <rdar://problem/3545756>: Math.round screws up on numbers bigger than 2^{31 (incorrect results on HP-35 calculator page)}

kjs/math_object.cpp: (MathFuncImp::call): Change implementation to be much simpler and not involve casting to int. Results now match those in other browsers.

File:

-              r6025
+              r6028
   : ObjectImp(proto)
   , length(initialLength)
   , storageLength(initialLength)
+  , storageLength(initialLength < sparseArrayCutoff ? initialLength : 0)
   , capacity(storageLength)
   , storage(capacity ? (ValueImp **)calloc(capacity, sizeof(ValueImp *)) : 0)
 …
+{
   // a single numeric argument denotes the array size (!)
+  if (args.size() == 1 && args[0].type() == NumberType)
+    return Object(new ArrayInstanceImp(exec->interpreter()->builtinArrayPrototype().imp(), args[0].toUInt32(exec)));
+  if (args.size() == 1 && args[0].type() == NumberType) {
+    uint32_t n = args[0].toUInt32(exec);
+    if (n != args[0].toNumber(exec)) {
+      Object error = Error::create(exec, RangeError, "Array size is not a small enough positive integer.");
+      exec->setException(error);
+      return error;
+    }
+    return Object(new ArrayInstanceImp(exec->interpreter()->builtinArrayPrototype().imp(), n));
+  }
   // otherwise the array is constructed with the arguments in it

Note: See TracChangeset for help on using the changeset viewer.