https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc
File src/runtime/runtime-array.cc (right):
https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc#newcode468
src/runtime/runtime-array.cc:468: val->ToUint32(&length);
On 2014/12/15 14:11:00, caitp wrote:
On 2014/12/15 07:23:51, Dmitry Lomov (chromium) wrote:
> This is not good.
> If ToUInt32 returns false, `length` is uninitialized, but you proceed as normal.
> No idea what the code below would do.
> It is ok to not support large lengths, but fail gracefully, do not do random things.
I don't think it can return false here, because `val` is (I think) guaranteed to be a number here. In either case, `length` is initialized to 0 before any of this happens, so if it does return false and doesn't initialize `length`, it's a zero value.
No, ToString calls user code, so anything can happen.
Good point about length 0 though.
https://codereview.chromium.org/799853003/
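The hazard discussed above, as an added C++ example that is not part of the CL or of V8: a constructed stand-in for a value whose `ToUint32` conversion can fail because user code runs during conversion, with the unchecked call pattern beside one that fails gracefully. The `Value` struct, the simplified `ToUint32` model and both `Length*` functions are assumptions; only the `ToUint32`/`length` names come from the thread.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>

// Constructed stand-in for a JS value: a number, or an object whose
// conversion runs user-defined valueOf()/toString() that throws.
struct Value {
    double number;
    bool throws;  // user code raised during ToPrimitive/ToString
};

// Simplified model of a ToUint32() out-parameter API: returns false when
// conversion fails and leaves *out untouched (the contract the review
// thread is worried about). Truncation modulo 2^32 is an approximation.
bool ToUint32(const Value& v, uint32_t* out) {
    if (v.throws) return false;  // exception pending, nothing written
    *out = static_cast<uint32_t>(static_cast<int64_t>(v.number));
    return true;
}

// Pattern under review: the result is ignored. Without the `= 0`
// initializer the code below would read an indeterminate value; with it,
// a failed conversion silently continues with length 0 while an exception
// is still pending.
uint32_t LengthIgnoringFailure(const Value& v) {
    uint32_t length = 0;
    ToUint32(v, &length);  // return value discarded
    return length;
}

// Fail gracefully: check the result and hand back "no length" so the
// caller can propagate the pending exception instead of proceeding.
std::optional<uint32_t> LengthOrFailure(const Value& v) {
    uint32_t length = 0;
    if (!ToUint32(v, &length)) return std::nullopt;
    return length;
}

int main() {
    Value throwing{5.0, true};   // constructed: valueOf() throws
    Value plain{5.0, false};
    std::printf("ignored failure -> %u\n", LengthIgnoringFailure(throwing));
    std::printf("checked failure -> %s\n",
                LengthOrFailure(throwing) ? "value" : "bail out");
    std::printf("checked success -> %u\n", *LengthOrFailure(plain));
    return 0;
}
```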