[webkit-reviews] review granted: [Bug 190836] [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength : [Attachment 355242] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 20 19:00:57 PST 2018
Yusuke Suzuki <yusukesuzuki at slowstart.org> has granted Caio Lima
<ticaiolima at gmail.com>'s request for review:
Bug 190836: [BigInt] JSBigInt::createWithLength should throw when length is
greater than JSBigInt::maxLength
https://bugs.webkit.org/show_bug.cgi?id=190836
Attachment 355242: Patch
https://bugs.webkit.org/attachment.cgi?id=355242&action=review
--- Comment #29 from Yusuke Suzuki <yusukesuzuki at slowstart.org> ---
Comment on attachment 355242
--> https://bugs.webkit.org/attachment.cgi?id=355242
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=355242&action=review
> Source/JavaScriptCore/runtime/JSBigInt.cpp:111
> JSBigInt* bigInt = new (NotNull, allocateCell<JSBigInt>(vm.heap,
allocationSize(length))) JSBigInt(vm, vm.bigIntStructure.get(), length);
Let's have an assertion on `length`!
ASSERT(length <= maxLength);
More information about the webkit-reviews
mailing list