From 476094922b6dbbc252a076aecca9cc0d172e540e Mon Sep 17 00:00:00 2001
From: Linus Groh
Date: Mon, 18 May 2020 00:28:00 +0100
Subject: LibJS: Pass Interpreter& to Value::to_number() et al.
This patch is unfortunately rather large and might make some things feel bloated, but it is necessary to fix a few flaws in LibJS, primarily blindly coercing values to numbers without exception checks - i.e. interpreter.argument(0).to_i32(); // can fail!!! Some examples where the interpreter would actually crash: var o = { toString: () => { throw Error() } }; +o; o - 1; "foo".charAt(o); "bar".repeat(o); To fix this, we now have the following... to_double(Interpreter&) to_i32() to_i32(Interpreter&) to_size_t() to_size_t(Interpreter&) ...and a whole lot of exception checking. There's intentionally no to_double(), use as_double() directly instead. This way we still can use these convenient utility functions but don't need to check for exceptions if we are sure the value already is a number. Fixes #2267.
---
 Libraries/LibJS/Runtime/Value.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'Libraries/LibJS/Runtime/Value.h')
diff --git a/Libraries/LibJS/Runtime/Value.h b/Libraries/LibJS/Runtime/Value.h
index ee1d3bbb90..4a04caa627 100644
--- a/Libraries/LibJS/Runtime/Value.h
+++ b/Libraries/LibJS/Runtime/Value.h
@@ -188,11 +188,13 @@ public:
     PrimitiveString* to_primitive_string(Interpreter&);
     Value to_primitive(Interpreter&) const;
     Object* to_object(Interpreter&) const;
-    bool to_boolean() const;
-    Value to_number() const;
+    Value to_number(Interpreter&) const;
+    double to_double(Interpreter&) const;
     i32 to_i32() const;
-    double to_double() const;
+    i32 to_i32(Interpreter&) const;
     size_t to_size_t() const;
+    size_t to_size_t(Interpreter&) const;
+    bool to_boolean() const;
 
     Value value_or(Value fallback) const
-- cgit v1.2.3