Changeset 64706 in webkit

Timestamp:

Aug 4, 2010, 9:52:25 PM (15 years ago)

Author:

ggaren@apple.com

Message:

JavaScriptCore: ​https://bugs.webkit.org/show_bug.cgi?id=43461
Invalid NaN parsing

Reviewed by Oliver Hunt and Beth Dakin.

• wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a

non-standard NaN representation, since our NaN encoding assumes that all
true NaNs have the standard bit pattern.

• API/JSValueRef.cpp:

(JSValueMakeNumber): Don't allow an API client to accidentally specify
a non-standard NaN either.

LayoutTests: ​https://bugs.webkit.org/show_bug.cgi?id=43461
Crash parsing certain values for NaN

Reviewed by Oliver Hunt and Beth Dakin.

• fast/js/parse-nan.html: Added.
• fast/js/script-tests/parse-nan.js: Added.

Location:

trunk

Files:

• JavaScriptCore/API/JSValueRef.cpp (modified) (1 diff)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/wtf/dtoa.cpp (modified) (1 diff)
• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/js/parse-nan-expected.txt (added)
• LayoutTests/fast/js/parse-nan.html (added)
• LayoutTests/fast/js/script-tests/parse-nan.js (added)

trunk/JavaScriptCore/API/JSValueRef.cpp ¶

@@ -214 +214 @@
     APIEntryShim entryShim(exec);
 
+    // Our JSValue representation relies on a standard bit pattern for NaN. NaNs
+    // generated internally to JavaScriptCore naturally have that representation,
+    // but an external NaN might not.
+    if (isnan(value))
+        value = NaN;
+
     return toRef(exec, jsNumber(exec, value));
 }

trunk/JavaScriptCore/ChangeLog ¶

@@ +1 @@
+2010-08-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt and Beth Dakin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=43461
+        Invalid NaN parsing
+        
+        * wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a
+        non-standard NaN representation, since our NaN encoding assumes that all
+        true NaNs have the standard bit pattern.
+
+        * API/JSValueRef.cpp:
+        (JSValueMakeNumber): Don't allow an API client to accidentally specify
+        a non-standard NaN either.
+
 2010-08-04  Gavin Barraclough  <barraclough@apple.com>
 

trunk/JavaScriptCore/wtf/dtoa.cpp ¶

@@ -168 +168 @@
 
 #define INFNAN_CHECK
+#define No_Hex_NaN
 
 #if defined(IEEE_8087) + defined(IEEE_MC68k) + defined(IEEE_ARM) != 1

trunk/LayoutTests/ChangeLog ¶

@@ +1 @@
+2010-08-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt and Beth Dakin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=43461
+        Crash parsing certain values for NaN
+
+        * fast/js/parse-nan.html: Added.
+        * fast/js/script-tests/parse-nan.js: Added.
+
 2010-08-04  Sheriff Bot  <webkit.review.bot@gmail.com>