Fix undefined behavior (UBSAN)
parent
e53d622359
commit
6535064577
2 changed files with 6 additions and 2 deletions
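--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 *.a
 .obj/
+examples/test_fib
+test_fib.c
 examples/hello
 examples/hello_module
 hello.c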
|
@ -18937,10 +18937,10 @@ static JSValue js_generator_next(JSContext *ctx, JSValueConst this_val,
|
||||||
*pdone = TRUE;
|
*pdone = TRUE;
|
||||||
if (!s)
|
if (!s)
|
||||||
return JS_ThrowTypeError(ctx, "not a generator");
|
return JS_ThrowTypeError(ctx, "not a generator");
|
||||||
sf = &s->func_state->frame;
|
|
||||||
switch(s->state) {
|
switch(s->state) {
|
||||||
default:
|
default:
|
||||||
case JS_GENERATOR_STATE_SUSPENDED_START:
|
case JS_GENERATOR_STATE_SUSPENDED_START:
|
||||||
|
sf = &s->func_state->frame;
|
||||||
if (magic == GEN_MAGIC_NEXT) {
|
if (magic == GEN_MAGIC_NEXT) {
|
||||||
goto exec_no_arg;
|
goto exec_no_arg;
|
||||||
} else {
|
} else {
|
||||||
|
@ -18950,6 +18950,7 @@ static JSValue js_generator_next(JSContext *ctx, JSValueConst this_val,
|
||||||
break;
|
break;
|
||||||
case JS_GENERATOR_STATE_SUSPENDED_YIELD_STAR:
|
case JS_GENERATOR_STATE_SUSPENDED_YIELD_STAR:
|
||||||
case JS_GENERATOR_STATE_SUSPENDED_YIELD:
|
case JS_GENERATOR_STATE_SUSPENDED_YIELD:
|
||||||
|
sf = &s->func_state->frame;
|
||||||
/* cur_sp[-1] was set to JS_UNDEFINED in the previous call */
|
/* cur_sp[-1] was set to JS_UNDEFINED in the previous call */
|
||||||
ret = JS_DupValue(ctx, argv[0]);
|
ret = JS_DupValue(ctx, argv[0]);
|
||||||
if (magic == GEN_MAGIC_THROW &&
|
if (magic == GEN_MAGIC_THROW &&
|
||||||
|
@ -41297,7 +41298,7 @@ static JSValue js_string_fromCodePoint(JSContext *ctx, JSValueConst this_val,
|
||||||
} else {
|
} else {
|
||||||
if (JS_ToFloat64(ctx, &d, argv[i]))
|
if (JS_ToFloat64(ctx, &d, argv[i]))
|
||||||
goto fail;
|
goto fail;
|
||||||
if (d < 0 || d > 0x10ffff || (c = (int)d) != d)
|
if (isnan(d) || d < 0 || d > 0x10ffff || (c = (int)d) != d)
|
||||||
goto range_error;
|
goto range_error;
|
||||||
}
|
}
|
||||||
if (string_buffer_putc(b, c))
|
if (string_buffer_putc(b, c))
|
||||||
|
@ -53692,6 +53693,7 @@ static JSValue js_typed_array_indexOf(JSContext *ctx, JSValueConst this_val,
|
||||||
} else
|
} else
|
||||||
if (tag == JS_TAG_FLOAT64) {
|
if (tag == JS_TAG_FLOAT64) {
|
||||||
d = JS_VALUE_GET_FLOAT64(argv[0]);
|
d = JS_VALUE_GET_FLOAT64(argv[0]);
|
||||||
|
// XXX: should fix UB
|
||||||
v64 = d;
|
v64 = d;
|
||||||
is_int = (v64 == d);
|
is_int = (v64 == d);
|
||||||
} else if (tag == JS_TAG_BIG_INT) {
|
} else if (tag == JS_TAG_BIG_INT) {
|
||||||
|
|
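Review bot: In js_typed_array_indexOf the `v64 = d;` conversion is unchanged, so the undefined behaviour that the new `// XXX: should fix UB` comment records is still reachable: a NaN, an infinity or a double outside the 64-bit integer range has no defined result when converted to an integer type. Because `d` is read straight from `argv[0]`, script code chooses that value, so a range guard before the conversion would be better than the marker, for example `if (d >= -0x1p63 && d < 0x1p63) { v64 = d; is_int = (v64 == d); } else { is_int = FALSE; }`, assuming `v64` is a signed 64-bit integer (its declaration is outside the hunk). Both comparisons are false for NaN, so no separate `isnan()` call is needed in this spot. The function body continues outside the hunk, so check whether later code reads `v64` when `is_int` is false and give it a defined value if it does.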