Reviewed by Maciej.
authorsullivan <sullivan@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Jul 2004 23:43:54 +0000 (23:43 +0000)
committersullivan <sullivan@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Jul 2004 23:43:54 +0000 (23:43 +0000)
commit66b20dd4d79d69d79aa1f1dd311d4c694b6af327
tree15bf563cbd6391c080950c086fe64c8662834ead
parentf8a11f335f22cb5ec1f51861afbda66d2c05f2de
    Reviewed by Maciej.

        - bulletproofed array.slice() against NAN arguments. Harri noticed this
        vulnerability in my patch for 3714644

        * kjs/array_object.cpp:
        (ArrayProtoFuncImp::call):
        handle NAN parameters passed to slice() by clamping to 0 and length.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@7059 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JavaScriptCore/ChangeLog
JavaScriptCore/kjs/array_object.cpp