Reviewed by Maciej.
authorsullivan <sullivan@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 Jul 2004 22:56:24 +0000 (22:56 +0000)
committersullivan <sullivan@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 Jul 2004 22:56:24 +0000 (22:56 +0000)
        - fixed <rdar://problem/3714644> REGRESSION (125.8-146): bugzilla submit link
        hangs browser with javascript

        * kjs/array_object.cpp:
        (ArrayProtoFuncImp::call):
        Check for undefined type for args[0] the same way we were already checking
        for args[1]. In this case, args was zero-length, but we were treating
        args[0] like an integer anyway. Resulted in some code looping from a NAN
        value to 4, taking approximately forever.

        * JavaScriptCore.pbproj/project.pbxproj:
        version wars

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@7047 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JavaScriptCore/ChangeLog
JavaScriptCore/JavaScriptCore.pbproj/project.pbxproj
JavaScriptCore/kjs/array_object.cpp

index a261a3a22f5ba514c8298fe81ccb814cfe13ab04..13ecd6bc59fe84fa71d2e001ad86ede8fd643cea 100644 (file)
@@ -1,3 +1,20 @@
+2004-07-16  John Sullivan  <sullivan@apple.com>
+
+        Reviewed by Maciej.
+        
+        - fixed <rdar://problem/3714644> REGRESSION (125.8-146): bugzilla submit link 
+        hangs browser with javascript
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call):
+        Check for undefined type for args[0] the same way we were already checking
+        for args[1]. In this case, args was zero-length, but we were treating
+        args[0] like an integer anyway. Resulted in some code looping from a NAN
+        value to 4, taking approximately forever.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        version wars
+        
 === Safari-152 ===
 
 2004-07-14  Maciej Stachowiak  <mjs@apple.com>
index 4733c621f6273a4619da385ad0173bd1749cf263..5956b04db5522402b32c8ce673454838e02be06f 100644 (file)
                                45E12D7506A49A6C00E9DF84,
                        );
                        buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_REZFLAGS = "";
                        buildPhases = (
                        );
                        buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_REZFLAGS = "";
index 562ae4bcc54e0d8768b473c8a6eead458e62201b..a6844276a7de979006ca4c6bf808035161db8831 100644 (file)
@@ -580,14 +580,17 @@ Value ArrayProtoFuncImp::call(ExecState *exec, Object &thisObj, const List &args
     // We return a new array
     Object resObj = Object::dynamicCast(exec->lexicalInterpreter()->builtinArray().construct(exec,List::empty()));
     result = resObj;
-    double begin = args[0].toInteger(exec);
-    if (begin < 0) {
-      begin += length;
-      if (begin < 0)
-        begin = 0;
-    } else {
-      if (begin > length)
-        begin = length;
+    double begin = 0;
+    if (args[0].type() != UndefinedType) {
+        begin = args[0].toInteger(exec);
+        if (begin < 0) {
+            begin += length;
+            if (begin < 0)
+                begin = 0;
+        } else {
+            if (begin > length)
+                begin = length;
+        }
     }
     double end = length;
     if (args[1].type() != UndefinedType) {