mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Fixed unsafe coercion of JSVAL_VOID to string on trace entry (bug 465483, r=brendan).
This commit is contained in:
parent
7a34f9500d
commit
63c268384c
@ -1228,10 +1228,6 @@ ValueToNative(JSContext* cx, jsval v, uint8 type, double* slot)
|
||||
debug_only_v(printf("boolean<%d> ", *(JSBool*)slot);)
|
||||
return;
|
||||
case JSVAL_STRING:
|
||||
if (v == JSVAL_VOID) {
|
||||
*(JSString**)slot = ATOM_TO_STRING(cx->runtime->atomState.typeAtoms[JSTYPE_VOID]);
|
||||
return;
|
||||
}
|
||||
JS_ASSERT(tag == JSVAL_STRING);
|
||||
*(JSString**)slot = JSVAL_TO_STRING(v);
|
||||
debug_only_v(printf("string<%p> ", *(JSString**)slot);)
|
||||
@ -3261,7 +3257,7 @@ js_IsEntryTypeCompatible(jsval* vp, uint8* m)
|
||||
debug_only_v(printf("bool != tag%u", tag);)
|
||||
return false;
|
||||
case JSVAL_STRING:
|
||||
if (*vp == JSVAL_VOID || tag == JSVAL_STRING)
|
||||
if (tag == JSVAL_STRING)
|
||||
return true;
|
||||
debug_only_v(printf("string != tag%u", tag);)
|
||||
return false;
|
||||
|
@ -1902,6 +1902,15 @@ function testBug465272() {
|
||||
testBug465272.expected = "3,3,3,3,3"
|
||||
test(testBug465272);
|
||||
|
||||
function testBug465483() {
|
||||
var a = new Array(4);
|
||||
var c = 0;
|
||||
for each (i in [4, 'a', 'b', (void 0)]) a[c++] = '' + (i + i);
|
||||
return a.join(',');
|
||||
}
|
||||
testBug465483.expected = '8,aa,bb,NaN';
|
||||
test(testBug465483);
|
||||
|
||||
// BEGIN MANDELBROT STUFF
|
||||
// XXXbz I would dearly like to wrap it up into a function to avoid polluting
|
||||
// the global scope, but the function ends up heavyweight, and then we lose on
|
||||
|
Loading…
Reference in New Issue
Block a user