Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (293219 => 293220)
--- trunk/Source/_javascript_Core/ChangeLog 2022-04-22 13:29:23 UTC (rev 293219)
+++ trunk/Source/_javascript_Core/ChangeLog 2022-04-22 14:03:47 UTC (rev 293220)
@@ -1,3 +1,14 @@
+2022-04-22 Mark Lam <[email protected]>
+
+ Apply purifyNaN in more places.
+ https://bugs.webkit.org/show_bug.cgi?id=239619
+ <rdar://problem/91924480>
+
+ Reviewed by Yusuke Suzuki.
+
+ * wasm/js/JSWebAssemblyHelpers.h:
+ (JSC::toJSValue):
+
2022-04-21 Yusuke Suzuki <[email protected]>
[JSC] PropertyTable should have compact mode
Modified: trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyHelpers.h (293219 => 293220)
--- trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyHelpers.h 2022-04-22 13:29:23 UTC (rev 293219)
+++ trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyHelpers.h 2022-04-22 14:03:47 UTC (rev 293220)
@@ -160,7 +160,7 @@
case Wasm::TypeKind::I32:
return jsNumber(static_cast<int32_t>(bits));
case Wasm::TypeKind::F32:
- return jsNumber(bitwise_cast<float>(static_cast<int32_t>(bits)));
+ return jsNumber(purifyNaN(bitwise_cast<float>(static_cast<int32_t>(bits))));
case Wasm::TypeKind::F64:
return jsNumber(purifyNaN(bitwise_cast<double>(bits)));
case Wasm::TypeKind::I64:
Modified: trunk/Source/WebCore/ChangeLog (293219 => 293220)
--- trunk/Source/WebCore/ChangeLog 2022-04-22 13:29:23 UTC (rev 293219)
+++ trunk/Source/WebCore/ChangeLog 2022-04-22 14:03:47 UTC (rev 293220)
@@ -1,3 +1,20 @@
+2022-04-22 Mark Lam <[email protected]>
+
+ Apply purifyNaN in more places.
+ https://bugs.webkit.org/show_bug.cgi?id=239619
+ <rdar://problem/91924480>
+
+ Reviewed by Yusuke Suzuki.
+
+ * bindings/js/IDBBindingUtilities.cpp:
+ (WebCore::toJS):
+ * bindings/js/JSDOMConvertWebGL.cpp:
+ (WebCore::convertToJSValue):
+ * bindings/js/SerializedScriptValue.cpp:
+ (WebCore::CloneDeserializer::readTerminal):
+ * bridge/objc/objc_utility.mm:
+ (JSC::Bindings::convertObjcValueToValue):
+
2022-04-22 Andres Gonzalez <[email protected]>
Fix for accessibility/aria-grid-with-aria-owns-rows.html in isolated tree mode.
Modified: trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp (293219 => 293220)
--- trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp 2022-04-22 13:29:23 UTC (rev 293219)
+++ trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp 2022-04-22 14:03:47 UTC (rev 293220)
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2010 Google Inc. All rights reserved.
* Copyright (C) 2012 Michael Pruett <[email protected]>
- * Copyright (C) 2014-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2022 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -179,7 +179,7 @@
// http://w3c.github.io/IndexedDB/#request-convert-a-key-to-a-value
RELEASE_AND_RETURN(scope, toJS<IDLNullable<IDLDate>>(lexicalGlobalObject, WallTime::fromRawSeconds(Seconds::fromMilliseconds(key->date()).value())));
case IndexedDB::KeyType::Number:
- return jsNumber(key->number());
+ return jsNumber(purifyNaN(key->number()));
case IndexedDB::KeyType::Min:
case IndexedDB::KeyType::Max:
case IndexedDB::KeyType::Invalid:
Modified: trunk/Source/WebCore/bindings/js/JSDOMConvertWebGL.cpp (293219 => 293220)
--- trunk/Source/WebCore/bindings/js/JSDOMConvertWebGL.cpp 2022-04-22 13:29:23 UTC (rev 293219)
+++ trunk/Source/WebCore/bindings/js/JSDOMConvertWebGL.cpp 2022-04-22 14:03:47 UTC (rev 293220)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2022 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -91,7 +91,7 @@
}, [] (long long value) -> JSValue {
return jsNumber(value);
}, [] (float value) -> JSValue {
- return jsNumber(value);
+ return jsNumber(purifyNaN(value));
}, [&] (const String& value) -> JSValue {
return jsStringWithCache(lexicalGlobalObject.vm(), value);
}, [&] (const Vector<bool>& values) -> JSValue {
Modified: trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp (293219 => 293220)
--- trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp 2022-04-22 13:29:23 UTC (rev 293219)
+++ trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp 2022-04-22 14:03:47 UTC (rev 293220)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2009-2022 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -3540,7 +3540,7 @@
double d;
if (!read(d))
return JSValue();
- return jsNumber(d);
+ return jsNumber(purifyNaN(d));
}
case BigIntTag:
return readBigInt();
@@ -3548,7 +3548,7 @@
double d;
if (!read(d))
return JSValue();
- NumberObject* obj = constructNumber(m_globalObject, jsNumber(d));
+ NumberObject* obj = constructNumber(m_globalObject, jsNumber(purifyNaN(d)));
m_gcBuffer.appendWithCrashOnOverflow(obj);
return obj;
}
Modified: trunk/Source/WebCore/bridge/objc/objc_utility.mm (293219 => 293220)
--- trunk/Source/WebCore/bridge/objc/objc_utility.mm 2022-04-22 13:29:23 UTC (rev 293219)
+++ trunk/Source/WebCore/bridge/objc/objc_utility.mm 2022-04-22 14:03:47 UTC (rev 293220)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2004-2022 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -238,9 +238,9 @@
case ObjcUnsignedLongLongType:
return jsNumber(*(unsigned long long*)buffer);
case ObjcFloatType:
- return jsNumber(*(float*)buffer);
+ return jsNumber(purifyNaN(*(float*)buffer));
case ObjcDoubleType:
- return jsNumber(*(double*)buffer);
+ return jsNumber(purifyNaN(*(double*)buffer));
default:
// Should never get here. Argument types are filtered.
fprintf(stderr, "%s: invalid type (%d)\n", __PRETTY_FUNCTION__, (int)type);
