authorBart Sears <bsears@google.com>2010-11-03 16:03:53 -0700
committerBart Sears <bsears@google.com>2010-11-04 15:53:30 -0700
commit1baa4609252ea42065c4399b9081b2087c8d70a2 (patch)
tree3c003c5d98d7be38df20c8e5855b46934ea18f14 /JavaScriptCore
parent2da7ed0ba7ed78d0ccaca0a65fc07cfe202a9ed3 (diff)
Cherry-pick WebKit security fix (webkit.org r64706) Do not merge
See http://trac.webkit.org/changeset/64706 Bug:3162623 Change-Id: I17abfbac4013ea98401f4088e9079faa15b9b8d9
Diffstat (limited to 'JavaScriptCore')
-rw-r--r--JavaScriptCore/API/JSValueRef.cpp6
-rw-r--r--JavaScriptCore/wtf/dtoa.cpp1
2 files changed, 7 insertions, 0 deletions
diff --git a/JavaScriptCore/API/JSValueRef.cpp b/JavaScriptCore/API/JSValueRef.cpp
index a12cc34..518fc7b 100644
--- a/JavaScriptCore/API/JSValueRef.cpp
+++ b/JavaScriptCore/API/JSValueRef.cpp
@@ -211,6 +211,12 @@ JSValueRef JSValueMakeNumber(JSContextRef ctx, double value)
ExecState* exec = toJS(ctx);
APIEntryShim entryShim(exec);
+ // Our JSValue representation relies on a standard bit pattern for NaN. NaNs
+ // generated internally to JavaScriptCore naturally have that representation,
+ // but an external NaN might not.
+ if (isnan(value))
+ value = NaN;
+
return toRef(exec, jsNumber(exec, value));
}
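Review bot: The added `if (isnan(value))` guard canonicalizes NaN only in JSValueMakeNumber, so the guarantee holds for this one entry point. Any other place where a double supplied from outside JavaScriptCore is passed to jsNumber() would need the same guard; none is visible in this hunk, so this is something to confirm rather than a known gap. The comment would also be more useful if it stated the consequence, for example `// A NaN with a non-standard payload could otherwise be read back as a non-number JSValue.`, which is presumably why this is classed as a security fix. A regression test that passes a NaN with a non-default payload through this API and checks that the result is still a number would keep the guard from being removed later. The function's opening lines are outside the hunk.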
diff --git a/JavaScriptCore/wtf/dtoa.cpp b/JavaScriptCore/wtf/dtoa.cpp
index 6289d04..e63be90 100644
--- a/JavaScriptCore/wtf/dtoa.cpp
+++ b/JavaScriptCore/wtf/dtoa.cpp
@@ -168,6 +168,7 @@
#endif
#define INFNAN_CHECK
+#define No_Hex_NaN
#if defined(IEEE_8087) + defined(IEEE_MC68k) + defined(IEEE_ARM) != 1
Exactly one of IEEE_8087, IEEE_ARM or IEEE_MC68k should be defined.
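Review bot: The added `#define No_Hex_NaN` carries no comment, and nothing at this spot marks it as security-relevant, so a later tidy-up of the dtoa configuration macros could drop it unnoticed. In the dtoa code this macro stops strtod() from recognising the `nan(hex)` form, where the input text chooses the NaN payload bits. That is the same canonical-NaN requirement the JSValueRef.cpp hunk protects. I would add a line above the define such as `// Security: do not parse "nan(...)" payloads; JSValue depends on the canonical NaN bit pattern.`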