https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc
File src/runtime/runtime-array.cc (right):
https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc#newcode468
src/runtime/runtime-array.cc:468: val->ToUint32(&length);
On 2014/12/15 07:23:51, Dmitry Lomov (chromium) wrote:
This is not good.
If ToUInt32 returns false, `length` is uninitialized, but you proceed
as normal.
No idea what the code below would do.
It is ok to not support large lengths, but fail gracefully, do not do
random things.
I don't think it can return false here, because `val` is (I think)
guaranteed to be a number here. In either case, `length` is initialized
to 0 before any of this happens, so if it does return false and doesn't
initialize `length`, it's a zero value.
https://codereview.chromium.org/799853003/
v8-dev mailing list
http://groups.google.com/group/v8-dev