On 2014/12/15 17:46:19, caitp wrote:
On 2014/12/15 14:18:20, Dmitry Lomov (chromium) wrote:
> https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc
> File src/runtime/runtime-array.cc (right):
>
> https://codereview.chromium.org/799853003/diff/20001/src/runtime/runtime-array.cc#newcode468
> src/runtime/runtime-array.cc:468: val->ToUint32(&length);
> On 2014/12/15 14:11:00, caitp wrote:
> > On 2014/12/15 07:23:51, Dmitry Lomov (chromium) wrote:
> > > This is not good.
> > > If ToUInt32 returns false, `length` is uninitialized, but you proceed as normal.
> > > No idea what the code below would do.
> > > It is ok to not support large lengths, but fail gracefully, do not do random things.
> >
> > I don't think it can return false here, because `val` is (I think) guaranteed to be a number here. In either case, `length` is initialized to 0 before any of this happens, so if it does return false and doesn't initialize `length`, it's a zero value.
> No, ToString calls user code, so anything can happen.
> Good point about length 0 though.
Okay, I'll add some test cases where toString / valueOf return some primitive non-numbery things --- other than that it looks ok?
Yes, +extra tests for toString and valueOf that throws
https://codereview.chromium.org/799853003/
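
The test cases discussed in this thread, sketched at the JavaScript level as an added example (not part of the original message and not V8 source). `toLength32` and `runCases` are hypothetical names, and every input is a constructed sample; the helper reports conversion failure explicitly instead of letting the caller continue with a default value.

```javascript
// Added illustration, not V8 source. toLength32 and runCases are
// hypothetical names; all inputs below are constructed samples.

// Convert `val` to a uint32 length and report success explicitly, so a
// caller never continues with a stale or default value after a failure.
function toLength32(val) {
  let num;
  try {
    num = Number(val); // may invoke user-defined valueOf / toString
  } catch (e) {
    return { ok: false, length: 0, reason: "threw: " + e.message };
  }
  if (!Number.isInteger(num) || num < 0 || num > 0xFFFFFFFF) {
    return { ok: false, length: 0, reason: "not a uint32: " + String(num) };
  }
  return { ok: true, length: num, reason: "" };
}

function runCases() {
  const backing = [1, 2, 3, 4]; // state the conversion hook can touch
  const cases = {
    plainNumber: 3,
    valueOfString: { valueOf() { return "abc"; } },
    valueOfBoolean: { valueOf() { return true; } },
    toStringFallback: { valueOf() { return {}; }, toString() { return "7"; } },
    valueOfThrows: { valueOf() { throw new Error("boom"); } },
    toStringThrows: { valueOf() { return {}; }, toString() { throw new Error("bang"); } },
    shrinksBacking: { valueOf() { backing.length = 0; return 4; } },
    negative: -1,
    tooLarge: 2 ** 32,
  };
  const results = {};
  for (const [name, val] of Object.entries(cases)) {
    results[name] = toLength32(val);
  }
  // The conversion "succeeded" with 4, yet the hook emptied the array:
  // anything read before the conversion must be re-validated after it.
  results.backingLengthAfter = backing.length;
  return results;
}

console.log(runCases());
```

The `shrinksBacking` case is the one a return-value check alone does not catch: the conversion succeeds, but state observed before it is no longer valid.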