[Webkit-unassigned] [Bug 160322] Undefined Behavior in JSValue cast from NaN

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 29 12:45:36 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=160322

--- Comment #3 from Mark Lam <mark.lam at apple.com> ---
(In reply to comment #2)
> Do we still have an undefined behavior when the passed value just happens to
> be a NaN?
> 
> The compiler will not see it and thus won't do anything bad, presumably.

jsNaN() calls JSValue(double), and JSValue(double) casts the double value to an int32_t, which is undefined according to http://stackoverflow.com/questions/3986795/what-is-the-result-of-casting-float-inf-inf-and-nan-to-integer-in-c.

-- 
You are receiving this mail because:
You are the assignee for the bug.
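
The double-to-int32_t conversion discussed in the comment above is only defined when the truncated value fits in an int32_t, so NaN, infinities and out-of-range values have to be rejected before the cast. The following is an added example, not WebKit's code and not part of the original message; `exactInt32` is a hypothetical helper, and treating -0.0 as non-integer is an assumption about what the caller wants.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical helper (not a WebKit function). Stores d in `out` and returns
// true only when d is exactly representable as an int32_t. The cast is never
// executed on a value for which the conversion would be undefined.
bool exactInt32(double d, int32_t& out)
{
    // Both bounds are exactly representable as doubles.
    const double lo = std::numeric_limits<int32_t>::min(); // -2147483648.0
    const double hi = std::numeric_limits<int32_t>::max(); //  2147483647.0

    // Written as a negated "in range" test so that NaN, for which every
    // ordered comparison is false, is rejected together with +/-infinity
    // and finite values outside the int32_t range.
    if (!(d >= lo && d <= hi))
        return false;

    // d is now within [lo, hi], so the truncated value fits and the
    // conversion is well defined.
    const int32_t i = static_cast<int32_t>(d);

    // Reject values with a fractional part (the round trip changes them).
    if (static_cast<double>(i) != d)
        return false;

    // Assumption: the caller must keep the sign of zero, so -0.0 stays a double.
    if (i == 0 && std::signbit(d))
        return false;

    out = i;
    return true;
}

int main()
{
    // Constructed sample inputs, including the cases the unguarded cast mishandles.
    const double samples[] = { 42.0, 1.5, -0.0, 2147483648.0, std::nan(""),
                               std::numeric_limits<double>::infinity() };
    for (double d : samples) {
        int32_t v = 0;
        if (exactInt32(d, v))
            std::printf("%g -> int32 %d\n", d, v);
        else
            std::printf("%g -> keep as double\n", d);
    }
    return 0;
}
```

Building the unguarded cast with `-fsanitize=float-cast-overflow` (Clang or GCC) reports the NaN case at run time, which is a quick way to find similar conversions.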