110243 – [V8] ToNumber conversions in toIntXX() functions need try-catch block

RESOLVED WONTFIX 110243

[V8] ToNumber conversions in toIntXX() functions need try-catch block

https://bugs.webkit.org/show_bug.cgi?id=110243

Summary [V8] ToNumber conversions in toIntXX() functions need try-catch block

Joshua Bell

Reported 2013-02-19 11:33:36 PST

CodeGeneratorV8.pm relies on e.g. toInt32 for coercing arguments to WebIDL long types in JSValueToNative. toInt32 calls value->ToNumber(), which may throw but in general this call is not wrapped in a v8::tryCatch block. e.g.: someObj.someLongMethod( { valueOf: function() { throw "boom"; } } );

Attachments
Add attachment proposed patch, testcase, etc.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2013-02-19 11:33 PST

Modified

2013-04-11 09:12 PDT History

CC List

1 user Show

URL

Keywords

Depends on

96798 101783

Blocks

Dependencies

tree graph