Bug 38088

Summary: Null characters handled incorrectly in ToNumber conversion
Product: WebKit
Component: JavaScriptCore
Reporter: Darin Adler <darin>
Assignee: Darin Adler <darin>
Status: RESOLVED FIXED
Severity: Normal
CC: tkent
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
  Patch (Flags: tkent: review+)

Description Darin Adler 2010-04-24 22:53:38 PDT
Null characters handled incorrectly in ToNumber conversion

Comment 1 Darin Adler 2010-04-25 21:56:11 PDT
Created attachment 54254
Patch

Comment 2 Eric Seidel (no email) 2010-05-02 19:00:20 PDT
Comment on attachment 54254
Patch

Can't we demonstrate the thread-safety failure with a workers-based test? I wonder if this explains any worker crashes seen on the bots.

Comment 3 Darin Adler 2010-05-02 23:39:49 PDT
(In reply to comment #2)
> Can't we demonstrate the thread-safety failure with a workers-based test?

Perhaps. I don't know.

> I wonder if this explains any worker crashes seen on the bots.

Maybe.

Comment 4 Darin Adler 2010-05-02 23:40:44 PDT
(In reply to comment #2)
> I wonder if this explains any worker crashes seen on the bots.

Probably not. This code path is only used for numeric conversions that overflow in a particular way.

Comment 5 Kent Tamura 2010-05-26 03:02:52 PDT
Comment on attachment 54254
Patch

This looks OK.

We should have UChar versions of strtod() and dtoa().

Comment 6 Darin Adler 2010-05-27 16:10:16 PDT
Committed r60328: <http://trac.webkit.org/changeset/60328>