Changeset 195416 in webkit
- Timestamp:
- Jan 21, 2016 11:16:30 AM (8 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 1 added
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r195412 r195416 1 2016-01-21 Keith Miller <keith_miller@apple.com> 2 3 Fix bug in TypedArray.prototype.set and add tests 4 https://bugs.webkit.org/show_bug.cgi?id=153309 5 6 Reviewed by Michael Saboff. 7 8 This patch fixes an issue with TypedArray.prototype.set where we would 9 assign a double to an unsigned without checking that the double was 10 in the range of the unsigned. Additionally, the patch also adds 11 tests for set for cases that were not covered before. 12 13 * runtime/JSGenericTypedArrayViewPrototypeFunctions.h: 14 (JSC::genericTypedArrayViewProtoFuncSet): 15 * tests/stress/typedarray-set.js: Added. 16 1 17 2016-01-19 Ada Chan <adachan@apple.com> 2 18 -
trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
r195360 r195416 76 76 if (offsetNumber < 0) 77 77 return throwVMRangeError(exec, "Offset should not be negative"); 78 offset = offsetNumber;78 offset = static_cast<unsigned>(std::min(offsetNumber, static_cast<double>(std::numeric_limits<unsigned>::max()))); 79 79 } else 80 80 offset = 0;
Note: See TracChangeset
for help on using the changeset viewer.