wasmToJS() should purify incoming NaNs.
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 27 Feb 2019 00:25:34 +0000 (00:25 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 27 Feb 2019 00:25:34 +0000 (00:25 +0000)
commit cd26a3c5f47d2f249eca86b714c4bf914b3e9b47
tree d6645ac7ee2dc0ae364324562b02e6e6088b12da
parent 76585637ebb31b7c5a7c9d31c8187c7a26748938
wasmToJS() should purify incoming NaNs.
https://bugs.webkit.org/show_bug.cgi?id=194807
<rdar://problem/48189132>

Reviewed by Saam Barati.

JSTests:

* wasm/regress/wasmToJS-should-purify-NaNs.js: Added.

Source/JavaScriptCore:

* runtime/JSCJSValue.h:
(JSC::jsNumber):
* runtime/TypedArrayAdaptors.h:
(JSC::IntegralTypedArrayAdaptor::toJSValue):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242114 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/wasm/regress/wasmToJS-should-purify-NaNs.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSCJSValue.h
Source/JavaScriptCore/runtime/TypedArrayAdaptors.h
Source/JavaScriptCore/wasm/js/WasmToJS.cpp