Bug 38088 - Null characters handled incorrectly in ToNumber conversion
Summary: Null characters handled incorrectly in ToNumber conversion
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Darin Adler
Reported: 2010-04-24 22:53 PDT by Darin Adler
Modified: 2010-05-27 16:10 PDT

Attachments
Patch (9.05 KB, patch)
2010-04-25 21:56 PDT, Darin Adler
tkent: review+

Description Darin Adler 2010-04-24 22:53:38 PDT
Null characters handled incorrectly in ToNumber conversion
Comment 1 Darin Adler 2010-04-25 21:56:11 PDT
Created attachment 54254
Patch
Comment 2 Eric Seidel (no email) 2010-05-02 19:00:20 PDT
Comment on attachment 54254
Patch

Can't we demonstrate the thread-safety failure with a workers-based test?  I wonder if this explains any worker crashes seen on the bots.
Comment 3 Darin Adler 2010-05-02 23:39:49 PDT
(In reply to comment #2)
> Can't we demonstrate the thread-safety failure with a workers-based test?

Perhaps. I don't know.

> I wonder if this explains any worker crashes seen on the bots.

Maybe.
Comment 4 Darin Adler 2010-05-02 23:40:44 PDT
(In reply to comment #2)
> I wonder if this explains any worker crashes seen on the bots.

Probably not. This code path is only used for numeric conversions that overflow in a particular way.
Comment 5 Kent Tamura 2010-05-26 03:02:52 PDT
Comment on attachment 54254
Patch

This looks OK.

We should have UChar versions of strtod() and dtoa().
Comment 6 Darin Adler 2010-05-27 16:10:16 PDT
Committed r60328: <http://trac.webkit.org/changeset/60328>