Bug 133915 - No check for type on use of Dictionary
Summary: No check for type on use of Dictionary
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Bindings (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-14 14:09 PDT by Dirk Schulze
Modified: 2014-06-14 14:09 PDT (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Schulze 2014-06-14 14:09:45 PDT
DOMPoint(Dictionary point) doesn't check for type of point in generated code. This allows basically every value and doesn't throw as it should.

    JSDOMPointConstructor* castedThis = jsCast<JSDOMPointConstructor*>(exec->callee());
    if (exec->argumentCount() < 1)
        return throwVMError(exec, createNotEnoughArgumentsError(exec));
    Dictionary point(exec, exec->argument(0));

DOMPoint(1) would not throw.