Summary: | JSImmediate should be private. | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Gavin Barraclough <barraclough> | ||||
Component: | JavaScriptCore | Assignee: | Gavin Barraclough <barraclough> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | ||||||
Priority: | P2 | ||||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Mac | ||||||
OS: | OS X 10.5 | ||||||
Attachments: |
|
Description
Gavin Barraclough
2009-01-12 20:01:01 PST
Created attachment 26658 [details]
The patch
Comment on attachment 26658 [details]
The patch
JavaScriptCore/API/JSCallbackObjectFunctions.h
@@ double JSCallbackObject<Base>::toNumber(
378378 if (JSObjectConvertToTypeCallback convertToType = jsClass->convertToType) {
379379 JSLock::DropAllLocks dropAllLocks(exec);
380380 if (JSValueRef value = convertToType(ctx, thisRef, kJSTypeNumber, toRef(exec->exceptionSlot())))
381 return toJS(value)->getNumber();
381 return toJS(value)->uncheckedGetNumber();
382382 }
383383
384384 return Base::toNumber(exec);
This isn't safe -- convertToType is developer defined so we can't guarantee good behaviour, so this can't be unchecked, i think
double dValue;
return toJS(value)->getNumber(dValue) ? dValue : NaN;
Would be the correct version
Otherwise r=me
Review comment fixerated. Transmitting file data ...................................... Committed revision 39851. This is a great change. I've been hoping to see this for *ages*. Thanks, Gavin! |