fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2025-12-27 03:37:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibJS: Pass Interpreter& to Value::to_number() et al.

Browse Source 
This patch is unfortunately rather large and might make some things feel
bloated, but it is necessary to fix a few flaws in LibJS, primarily
blindly coercing values to numbers without exception checks - i.e.

interpreter.argument(0).to_i32();  // can fail!!!

Some examples where the interpreter would actually crash:

var o = { toString: () => { throw Error() } };
+o;
o - 1;
"foo".charAt(o);
"bar".repeat(o);

To fix this, we now have the following...

to_double(Interpreter&)
to_i32()
to_i32(Interpreter&)
to_size_t()
to_size_t(Interpreter&)

...and a whole lot of exception checking.

There's intentionally no to_double(), use as_double() directly instead.

This way we still can use these convenient utility functions but don't
need to check for exceptions if we are sure the value already is a
number.

Fixes #2267.
This commit is contained in:
Linus Groh
2020-05-18 00:28:00 +01:00
committed by Andreas Kling
parent 1a1394f7a2
commit 476094922b
17 changed files with 491 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Libraries/LibJS/Runtime/ReflectObject.cpp
View File

@@ -64,7 +64,9 @@ static void prepare_arguments_list(Interpreter& interpreter, Value value, Marked
auto length_property = arguments_list.get("length");
if (interpreter.exception())
return;
auto length = length_property.to_size_t();
auto length = length_property.to_size_t(interpreter);
if (interpreter.exception())
return;
for (size_t i = 0; i < length; ++i) {
auto element = arguments_list.get(String::number(i));
if (interpreter.exception())
@@ -156,8 +158,11 @@ Value ReflectObject::delete_property(Interpreter& interpreter)
auto property_name = PropertyName(property_key.to_string(interpreter));
if (interpreter.exception())
return {};
if (property_key.to_number().is_finite_number()) {
auto property_key_as_double = property_key.to_double();
auto property_key_number = property_key.to_number(interpreter);
if (interpreter.exception())
return {};
if (property_key_number.is_finite_number()) {
auto property_key_as_double = property_key_number.as_double();
if (property_key_as_double >= 0 && (i32)property_key_as_double == property_key_as_double)
property_name = PropertyName(property_key_as_double);
}