RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 11:22:45 +00:00
Code Issues Activity Actions

LibJS: Pass Interpreter& to Value::to_number() et al.

Browse source 
This patch is unfortunately rather large and might make some things feel
bloated, but it is necessary to fix a few flaws in LibJS, primarily
blindly coercing values to numbers without exception checks - i.e.

interpreter.argument(0).to_i32();  // can fail!!!

Some examples where the interpreter would actually crash:

var o = { toString: () => { throw Error() } };
+o;
o - 1;
"foo".charAt(o);
"bar".repeat(o);

To fix this, we now have the following...

to_double(Interpreter&)
to_i32()
to_i32(Interpreter&)
to_size_t()
to_size_t(Interpreter&)

...and a whole lot of exception checking.

There's intentionally no to_double(), use as_double() directly instead.

This way we still can use these convenient utility functions but don't
need to check for exceptions if we are sure the value already is a
number.

Fixes #2267.
This commit is contained in:
Linus Groh 2020-05-18 00:28:00 +01:00 committed by Andreas Kling
parent 1a1394f7a2
commit 476094922b
17 changed files with 491 additions and 187 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Libraries/LibJS/Runtime/GlobalObject.cpp
View file

@ -137,12 +137,18 @@ Value GlobalObject::gc(Interpreter& interpreter)
Value GlobalObject::is_nan(Interpreter& interpreter)
{
return Value(interpreter.argument(0).to_number().is_nan());
auto number = interpreter.argument(0).to_number(interpreter);
if (interpreter.exception())
return {};
return Value(number.is_nan());
}
Value GlobalObject::is_finite(Interpreter& interpreter)
{
return Value(interpreter.argument(0).to_number().is_finite_number());
auto number = interpreter.argument(0).to_number(interpreter);
if (interpreter.exception())
return {};
return Value(number.is_finite_number());
}
Value GlobalObject::parse_float(Interpreter& interpreter)
@ -151,7 +157,8 @@ Value GlobalObject::parse_float(Interpreter& interpreter)
if (interpreter.exception())
return {};
for (size_t length = string.length(); length > 0; --length) {
auto number = Value(js_string(interpreter, string.substring(0, length))).to_number();
// This can't throw, so no exception check is fine.
auto number = Value(js_string(interpreter, string.substring(0, length))).to_number(interpreter);
if (!number.is_nan())
return number;
}