Reviewers: jochen,
Description:
Prevent empty handle dereference in Runtime_InternalNumberFormat.
[email protected]
BUG=chromium:275467
Please review this at https://codereview.chromium.org/22859025/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/runtime.cc
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
f6da37176bdf19ad127de7a99e805931619d9c4d..dc648b2fd0cd55434c7f9ce172499f46f4e0d4d0
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -13753,7 +13753,7 @@ RUNTIME_FUNCTION(MaybeObject*,
Runtime_InternalNumberFormat) {
CONVERT_ARG_HANDLE_CHECKED(Object, number, 1);
bool has_pending_exception = false;
- double value = Execution::ToNumber(number,
&has_pending_exception)->Number();
+ Handle<Object> value = Execution::ToNumber(number,
&has_pending_exception);
if (has_pending_exception) {
ASSERT(isolate->has_pending_exception());
return Failure::Exception();
@@ -13764,7 +13764,7 @@ RUNTIME_FUNCTION(MaybeObject*,
Runtime_InternalNumberFormat) {
if (!number_format) return isolate->ThrowIllegalOperation();
icu::UnicodeString result;
- number_format->format(value, result);
+ number_format->format(value->Number(), result);
return *isolate->factory()->NewStringFromTwoByte(
Vector<const uint16_t>(
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
