On 2014/12/15 14:18:20, Dmitry Lomov (chromium) wrote:
https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc
File src/runtime/runtime-array.cc (right):
https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc#newcode468
src/runtime/runtime-array.cc:468: val->ToUint32(&length);
On 2014/12/15 14:11:00, caitp wrote:
> On 2014/12/15 07:23:51, Dmitry Lomov (chromium) wrote:
> > This is not good.
> > If ToUInt32 returns false, `length` is uninitialized, but you proceed as normal.
> > No idea what the code below would do.
> > It is ok to not support large lengths, but fail gracefully, do not do random things.
>
> I don't think it can return false here, because `val` is (I think) guaranteed to be a number here. In either case, `length` is initialized to 0 before any of this happens, so if it does return false and doesn't initialize `length`, it's a zero value.

No, ToString calls user code, so anything can happen.
Good point about length 0 though.
Okay, I'll add some test cases where toString / valueOf return some primitive non-numbery things --- other than that it looks ok?
https://codereview.chromium.org/799853003/
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
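Added example, not part of the thread and not V8's code: the review point above is that converting a "length" argument to a uint32 runs user-defined valueOf/toString, so the conversion can have side effects, return non-numeric primitives, or throw, and a runtime must either end up with a valid length or fail cleanly. The block below writes out ToUint32 as ECMA-262 specifies it (ToNumber, then NaN/Infinity to 0, truncate, reduce modulo 2^32), wraps it so failure is reported rather than ignored, and runs it over constructed inputs of the kind caitp proposes testing. All function and case names are hypothetical.

```javascript
// ToUint32 per ECMA-262. Number(value) is ToNumber: for objects it calls
// user valueOf/toString, and for Symbols it throws a TypeError.
// Behaves like `value >>> 0`, written out so each step is visible.
function toUint32(value) {
  const n = Number(value);                 // may run user code or throw
  if (!Number.isFinite(n)) return 0;       // NaN, +Infinity, -Infinity -> 0
  const t = Math.trunc(n);                 // toward zero, sign kept
  return ((t % 2 ** 32) + 2 ** 32) % 2 ** 32; // into [0, 2^32)
}

// "Fail gracefully": the caller either gets a valid uint32 length or the
// error, never a stale or unset length to proceed with.
function lengthOrFail(value) {
  try {
    return { ok: true, length: toUint32(value) };
  } catch (err) {
    return { ok: false, error: err };
  }
}

// Constructed inputs (hypothetical): the conversion hooks log that they ran,
// return non-numeric primitives, return non-primitives, or throw.
const log = [];
const cases = {
  plainNumber: 7,                                 // -> 7
  negative: -1,                                   // -> 4294967295
  tooLarge: 2 ** 32 + 5,                          // -> 5 (mod 2^32)
  numericString: "12",                            // -> 12
  nonNumericString: "abc",                        // NaN -> 0
  bool: true,                                     // -> 1
  valueOfReturnsString: {                         // user code runs, returns "9"
    valueOf() { log.push("valueOf"); return "9"; },
  },
  valueOfNonPrimitive: {                          // valueOf result ignored, toString used
    valueOf() { log.push("valueOf(obj)"); return {}; },
    toString() { log.push("toString"); return "4"; },
  },
  valueOfThrows: {                                // conversion must propagate this
    valueOf() { throw new RangeError("user code threw"); },
  },
  symbol: Symbol("not a length"),                 // ToNumber throws TypeError
};

// Run every case through the graceful wrapper and collect the outcomes.
function runAll() {
  const out = {};
  for (const [name, v] of Object.entries(cases)) out[name] = lengthOrFail(v);
  return out;
}
```

The `log` array is the part worth noticing: by the time the length is known, arbitrary user code has already executed, which is why a conversion failure cannot simply be skipped over.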