[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.3-2-60-g76add97

Gustavo Noronha Silva gns at gnome.org
Sun Oct 17 22:27:11 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit b578a16b085e76bcb10972d32ce0ca2fcdcfe9fb
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Aug 5 04:52:25 2010 +0000

    JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=43461
    Invalid NaN parsing
    
    Reviewed by Oliver Hunt and Beth Dakin.
    
    * wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a
    non-standard NaN representation, since our NaN encoding assumes that all
    true NaNs have the standard bit pattern.
    
    * API/JSValueRef.cpp:
    (JSValueMakeNumber): Don't allow an API client to accidentally specify
    a non-standard NaN either.
    
    LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=43461
    Crash parsing certain values for NaN
    
    Reviewed by Oliver Hunt and Beth Dakin.
    
    * fast/js/parse-nan.html: Added.
    * fast/js/script-tests/parse-nan.js: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/API/JSValueRef.cpp b/JavaScriptCore/API/JSValueRef.cpp
index 2f8c1d4..121caf6 100644
--- a/JavaScriptCore/API/JSValueRef.cpp
+++ b/JavaScriptCore/API/JSValueRef.cpp
@@ -210,6 +210,12 @@ JSValueRef JSValueMakeNumber(JSContextRef ctx, double value)
     ExecState* exec = toJS(ctx);
     APIEntryShim entryShim(exec);
 
+    // Our JSValue representation relies on a standard bit pattern for NaN. NaNs
+    // generated internally to JavaScriptCore naturally have that representation,
+    // but an external NaN might not.
+    if (isnan(value))
+        value = NaN;
+
     return toRef(exec, jsNumber(exec, value));
 }
 
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 0ddd220..c95b7fc 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-08-03  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Oliver Hunt and Beth Dakin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=43461
+        Invalid NaN parsing
+        
+        * wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a
+        non-standard NaN representation, since our NaN encoding assumes that all
+        true NaNs have the standard bit pattern.
+
+        * API/JSValueRef.cpp:
+        (JSValueMakeNumber): Don't allow an API client to accidentally specify
+        a non-standard NaN either.
+
 2010-07-02  Peter Varga  <pvarga at inf.u-szeged.hu>
 
         Reviewed by Oliver Hunt.
diff --git a/JavaScriptCore/wtf/dtoa.cpp b/JavaScriptCore/wtf/dtoa.cpp
index 6289d04..e63be90 100644
--- a/JavaScriptCore/wtf/dtoa.cpp
+++ b/JavaScriptCore/wtf/dtoa.cpp
@@ -168,6 +168,7 @@
 #endif
 
 #define INFNAN_CHECK
+#define No_Hex_NaN
 
 #if defined(IEEE_8087) + defined(IEEE_MC68k) + defined(IEEE_ARM) != 1
 Exactly one of IEEE_8087, IEEE_ARM or IEEE_MC68k should be defined.
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 5d8e845..1471354 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-08-03  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Oliver Hunt and Beth Dakin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=43461
+        Crash parsing certain values for NaN
+
+        * fast/js/parse-nan.html: Added.
+        * fast/js/script-tests/parse-nan.js: Added.
+
 2010-07-26  Justin Schuh  <jschuh at chromium.org>
 
         Reviewed by Darin Fisher.
diff --git a/LayoutTests/fast/js/parse-nan-expected.txt b/LayoutTests/fast/js/parse-nan-expected.txt
new file mode 100644
index 0000000..c752ab2
--- /dev/null
+++ b/LayoutTests/fast/js/parse-nan-expected.txt
@@ -0,0 +1,10 @@
+This test checks for a crash when parsing NaN. You should see the text 'NaN' below.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+NaN
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/js/parse-nan.html b/LayoutTests/fast/js/parse-nan.html
new file mode 100644
index 0000000..647906e
--- /dev/null
+++ b/LayoutTests/fast/js/parse-nan.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="resources/js-test-style.css">
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/parse-nan.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/js/script-tests/parse-nan.js b/LayoutTests/fast/js/script-tests/parse-nan.js
new file mode 100644
index 0000000..e6a79a0
--- /dev/null
+++ b/LayoutTests/fast/js/script-tests/parse-nan.js
@@ -0,0 +1,7 @@
+description(
+"This test checks for a crash when parsing NaN. You should see the text 'NaN' below."
+);
+
+debug(-parseFloat("NAN(ffffeeeeeff0f)"));
+
+var successfullyParsed = true;

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list