[Webkit-unassigned] [Bug 55033] Array.prototype.push should throw RangeError if the length overflows
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 9 03:18:54 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=55033
--- Comment #2 from Kent Hansen <kent.hansen at nokia.com> 2011-03-09 03:18:54 PST ---
Hey Gavin. I reported this possible spec issue to es-discuss@ a long time ago, but there wasn't any tangible outcome: http://www.mail-archive.com/es-discuss@mozilla.org/msg01264.html
Grepping through the spec, it seems at least Array.prototype.splice has the same issue. E.g.
a = new Array(4294967295); a.splice(a.length, 0, 'foo'); a.length
JSC: 0
SpiderMonkey: 0 (interesting -- since Array.prototype.push throws)
V8: RangeError: Invalid array length (as per spec)
And Array.prototype.unshift as well.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list