author | Charlie Gordon <github@chqrlie.org> | 2024-02-11 21:32:36 +0100 |
---|---|---|
committer | bptato <nincsnevem662@gmail.com> | 2024-03-02 18:12:23 +0100 |
commit | 3d3aa89a8d8688a3d0c234c7afab6dce6792bfac (patch) | |
tree | f1d4ca4c403b9d480ccad3f482c26b8d085e0dfa /lib | |
parent | 8bad611675163d80cd6e037d10896a0153c02d8f (diff) | |
download | chawan-3d3aa89a8d8688a3d0c234c7afab6dce6792bfac.tar.gz |
Fix undefined behavior (UBSAN)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/quickjs/quickjs.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/quickjs/quickjs.c b/lib/quickjs/quickjs.c
index d23d25c3..84c007de 100644
--- a/lib/quickjs/quickjs.c
+++ b/lib/quickjs/quickjs.c
@@ -19045,10 +19045,10 @@ static JSValue js_generator_next(JSContext *ctx, JSValueConst this_val,
 *pdone = TRUE;
 if (!s)
 return JS_ThrowTypeError(ctx, "not a generator");
- sf = &s->func_state->frame;
 switch(s->state) {
 default:
 case JS_GENERATOR_STATE_SUSPENDED_START:
+ sf = &s->func_state->frame;
 if (magic == GEN_MAGIC_NEXT) {
 goto exec_no_arg;
 } else {
@@ -19058,6 +19058,7 @@ static JSValue js_generator_next(JSContext *ctx, JSValueConst this_val,
 break;
 case JS_GENERATOR_STATE_SUSPENDED_YIELD_STAR:
 case JS_GENERATOR_STATE_SUSPENDED_YIELD:
+ sf = &s->func_state->frame;
 /* cur_sp[-1] was set to JS_UNDEFINED in the previous call */
 ret = JS_DupValue(ctx, argv[0]);
 if (magic == GEN_MAGIC_THROW &&
@@ -41405,7 +41406,7 @@ static JSValue js_string_fromCodePoint(JSContext *ctx, JSValueConst this_val,
 } else {
 if (JS_ToFloat64(ctx, &d, argv[i]))
 goto fail;
- if (d < 0 || d > 0x10ffff || (c = (int)d) != d)
+ if (isnan(d) || d < 0 || d > 0x10ffff || (c = (int)d) != d)
 goto range_error;
 }
 if (string_buffer_putc(b, c))
@@ -53800,6 +53801,7 @@ static JSValue js_typed_array_indexOf(JSContext *ctx, JSValueConst this_val,
 } else if (tag == JS_TAG_FLOAT64) {
 d = JS_VALUE_GET_FLOAT64(argv[0]);
+ // XXX: should fix UB
 v64 = d;
 is_int = (v64 == d);
 } else if (tag == JS_TAG_BIG_INT) { |
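Review bot: The `sf = &s->func_state->frame;` assignment now appears twice, in the `JS_GENERATOR_STATE_SUSPENDED_START` arm of the first hunk and in the `SUSPENDED_YIELD_STAR`/`SUSPENDED_YIELD` arm of the second, with nothing recording why it cannot sit above the `switch`, so a later cleanup could hoist it back and bring the UBSAN report with it. Presumably `s->func_state` can be NULL in the remaining states (not visible in these hunks), which makes forming `&s->func_state->frame` undefined there; a comment at the first assignment such as `/* func_state is only valid while suspended; do not hoist above the switch */` would capture that. `sf` is also left unassigned on the other arms, so it is worth confirming that nothing after the `switch` reads it on those paths; the function body starts and ends outside both hunks.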
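Review bot: The range check in `js_string_fromCodePoint` now relies on operand order for safety, and nothing in the code says so: the `(c = (int)d)` conversion is only defined because `isnan(d)` and the two bound tests short-circuit before it. NaN compares false against both `d < 0` and `d > 0x10ffff`, which is how it reached the cast before this change. I would add `/* reject NaN and out-of-range values before the (int) cast, which is undefined for them */` above the `if` so the operands are not reordered later. The enclosing function starts and ends outside the hunk.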
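Review bot: The `v64 = d;` conversion under the new `// XXX: should fix UB` comment in `js_typed_array_indexOf` is still undefined whenever `d` is NaN, infinite or outside the range of the destination type, and `d` is taken from `argv[0]`, so script code chooses it. Assuming `v64` is an `int64_t` (its declaration is outside the hunk), the two lines after the comment can become `is_int = (d >= -0x1p63 && d < 0x1p63 && (v64 = (int64_t)d) == d);`, which also rejects NaN because both comparisons are false for it. That leaves `v64` unassigned when the test fails, so confirm the code after this branch reads it only when `is_int` is set. If the fix is deferred, the comment should at least name the problem, e.g. `// XXX: UB if d is NaN or does not fit in v64`.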