[Webkit-unassigned] [Bug 90381] [JSBinding] Merging jsUnsignedLongArrayToVector() to toNativeArray() using traits.
bugzilla-daemon at webkit.org
Mon Jul 2 06:30:38 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=90381
--- Comment #2 from Kentaro Hara <haraken at chromium.org> 2012-07-02 06:30:37 PST ---
(From update of attachment 150411)
View in context: https://bugs.webkit.org/attachment.cgi?id=150411&action=review
Overall the change looks good, but I am afraid that your patch might be changing the behavior of corner cases.
> Source/WebCore/bindings/js/JSDOMBinding.h:-410
> - JSC::JSObject* object = toJSSequence(exec, value, length);
> - if (exec->hadException())
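Review bot: the `exec->hadException()` test that followed `toJSSequence(exec, value, length)` at -410 needs an equivalent in the merged toNativeArray(), placed before `object` or `length` is used. Add a test that passes a value for which the sequence conversion throws and assert that the pending exception reaches the caller.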
This check and ...
> Source/WebCore/bindings/js/JSDOMBinding.h:-417
> - indexedValue = object->get(exec, i);
> - if (exec->hadException() || indexedValue.isUndefinedOrNull() || !indexedValue.isNumber())
this check are missing from your patch.
- Would you check the Web IDL spec?
- Would you confirm that your patch won't change the current behavior? (In the first place, I am not sure if the current behavior is 100% conformant to the spec.)