Fix potential conversion errors (#384)
- fix undefined behavior in double to int conversions - do not pass an `int64_t` to `js_bool()`
This commit is contained in:
parent
70a60f0aa1
commit
43dc65d605
1 changed files with 8 additions and 3 deletions
11
quickjs.c
11
quickjs.c
|
@ -10884,6 +10884,8 @@ static __exception int JS_ToArrayLengthFree(JSContext *ctx, uint32_t *plen,
|
|||
if (JS_TAG_IS_FLOAT64(tag)) {
|
||||
double d;
|
||||
d = JS_VALUE_GET_FLOAT64(val);
|
||||
if (!(d >= 0 && d <= UINT32_MAX))
|
||||
goto fail;
|
||||
len = (uint32_t)d;
|
||||
if (len != d)
|
||||
goto fail;
|
||||
|
@ -37570,9 +37572,10 @@ static JSValue js_array_includes(JSContext *ctx, JSValue this_val,
|
|||
int argc, JSValue *argv)
|
||||
{
|
||||
JSValue obj, val;
|
||||
int64_t len, n, res;
|
||||
int64_t len, n;
|
||||
JSValue *arrp;
|
||||
uint32_t count;
|
||||
int res;
|
||||
|
||||
obj = JS_ToObject(ctx, this_val);
|
||||
if (js_get_length64(ctx, &len, obj))
|
||||
|
@ -50000,8 +50003,10 @@ static JSValue js_typed_array_indexOf(JSContext *ctx, JSValue this_val,
|
|||
} else
|
||||
if (tag == JS_TAG_FLOAT64) {
|
||||
d = JS_VALUE_GET_FLOAT64(argv[0]);
|
||||
v64 = d;
|
||||
is_int = (v64 == d);
|
||||
if (d >= INT64_MIN && d < 0x1p63) {
|
||||
v64 = d;
|
||||
is_int = (v64 == d);
|
||||
}
|
||||
} else
|
||||
if (tag == JS_TAG_BIG_INT) {
|
||||
JSBigInt *p1 = JS_VALUE_GET_PTR(argv[0]);
|
||||
|
|
Loading…
Reference in a new issue