Closed Bug 899760 Opened 11 years ago Closed 11 years ago

Handlify ToInt32 & friends and add operator const T& to MutableHandle

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 899976

People

(Reporter: sfink, Assigned: sfink)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Handlify ToUint32 and friends
16.20 KB, patch
terrence
: review+
Details | Diff | Splinter Review 
We have lots of places where args[] flows into ToInt32 or similar, which still takes a const Value&, which gives us a ton of unsafe references.
The one tricky bit, that I probably ought to r? Waldo on but I think you can see from code inspection now, is that the weirdness about <typedarray>::create being called with a degenerate vp (with no argv[-2] or argv[-1]) is gone. Waldo killed it.
Attachment #783342 - Flags: review?(terrence)
Blocks: 898608
Comment on attachment 783342 [details] [diff] [review]
Handlify ToUint32 and friends

Review of attachment 783342 [details] [diff] [review]:
-----------------------------------------------------------------

r=me

::: js/src/vm/TypedArrayObject.cpp
@@ +191,2 @@
>      int32_t nbytes = 0;
> +    if (argc > 0 && !ToInt32(cx, args[0], &nbytes))

s/argc/args.length()/
Attachment #783342 - Flags: review?(terrence) → review+
Comment on attachment 783342 [details] [diff] [review]
Handlify ToUint32 and friends

Review of attachment 783342 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/ion/AsmJS.cpp
@@ +5794,2 @@
>  
>      return true;

Why does this return int32_t?
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: