Timestamp:
Aug 4, 2010, 9:52:25 PM (15 years ago)
Author:
[email protected]
Message:

JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=43461
Invalid NaN parsing

Reviewed by Oliver Hunt and Beth Dakin.

  • wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a
    non-standard NaN representation, since our NaN encoding assumes that all
    true NaNs have the standard bit pattern.
  • API/JSValueRef.cpp:
    (JSValueMakeNumber): Don't allow an API client to accidentally specify
    a non-standard NaN either.

LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=43461
Crash parsing certain values for NaN

Reviewed by Oliver Hunt and Beth Dakin.

  • fast/js/parse-nan.html: Added.
  • fast/js/script-tests/parse-nan.js: Added.
File:
1 edited

  • trunk/JavaScriptCore/API/JSValueRef.cpp

    r59941 r64706  
    214214    APIEntryShim entryShim(exec);
    215215
     216    // Our JSValue representation relies on a standard bit pattern for NaN. NaNs
     217    // generated internally to JavaScriptCore naturally have that representation,
     218    // but an external NaN might not.
     219    if (isnan(value))
     220        value = NaN;
     221
    216222    return toRef(exec, jsNumber(exec, value));
    217223}
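
Review bot: the NaN canonicalization at new lines 219-220 guards only this one entry point, while the value it protects is consumed by jsNumber(exec, value) on new line 222; if the JSValue encoding requires the standard bit pattern, consider doing the normalization in a shared helper, or asserting the invariant where the double is boxed, so that any other caller passing an externally produced double gets the same guarantee. The comment could also say where the NaN constant is defined and that its bit pattern is the one the encoding expects, since neither is visible in this hunk. The tests listed in the changeset (fast/js/parse-nan) exercise the parsing path; a test that passes a non-standard NaN through JSValueMakeNumber would cover this change directly.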