commit 9ffa0cf6cd81d881dd1c1abc7ff73703639745fa
parent 139099b697d1604aaf901f996156127b0a79c806
Author: Charlie Gordon <github@chqrlie.org>
Date: Sun, 11 Feb 2024 21:32:36 +0100
Fix undefined behavior (UBSAN)
Diffstat:
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/quickjs/.gitignore b/quickjs/.gitignore
@@ -1,5 +1,7 @@
*.a
.obj/
+examples/test_fib
+test_fib.c
examples/hello
examples/hello_module
hello.c
diff --git a/quickjs/quickjs.c b/quickjs/quickjs.c
@@ -19124,10 +19124,10 @@ static JSValue js_generator_next(JSContext *ctx, JSValueConst this_val,
*pdone = TRUE;
if (!s)
return JS_ThrowTypeError(ctx, "not a generator");
- sf = &s->func_state->frame;
switch(s->state) {
default:
case JS_GENERATOR_STATE_SUSPENDED_START:
+ sf = &s->func_state->frame;
if (magic == GEN_MAGIC_NEXT) {
goto exec_no_arg;
} else {
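Review bot: The assignment `sf = &s->func_state->frame;` is now duplicated under two case groups (here and in the hunk at `@@ -19137`) with nothing saying why it was pulled out of the common path, so the next maintainer is likely to hoist it back and reintroduce the UBSAN finding. Presumably `s->func_state` is NULL in the states not shown here, so forming `&s->func_state->frame` there is the undefined null-based address computation the commit avoids; a one-line comment at the first of the two sites would pin that down, e.g. `/* func_state is NULL once the generator has run to completion; only take &frame in states where it is live */`. It is also worth confirming that the remaining `case` labels of this switch, which lie outside the hunk, never read `sf`, since it is now left unassigned on those paths. The body of js_generator_next starts and ends outside both hunks.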
@@ -19137,6 +19137,7 @@ static JSValue js_generator_next(JSContext *ctx, JSValueConst this_val,
break;
case JS_GENERATOR_STATE_SUSPENDED_YIELD_STAR:
case JS_GENERATOR_STATE_SUSPENDED_YIELD:
+ sf = &s->func_state->frame;
/* cur_sp[-1] was set to JS_UNDEFINED in the previous call */
ret = JS_DupValue(ctx, argv[0]);
if (magic == GEN_MAGIC_THROW &&
@@ -41515,7 +41516,7 @@ static JSValue js_string_fromCodePoint(JSContext *ctx, JSValueConst this_val,
} else {
if (JS_ToFloat64(ctx, &d, argv[i]))
goto fail;
- if (d < 0 || d > 0x10ffff || (c = (int)d) != d)
+ if (isnan(d) || d < 0 || d > 0x10ffff || (c = (int)d) != d)
goto range_error;
}
if (string_buffer_putc(b, c))
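Review bot: The new `isnan(d)` test must stay the first operand and that ordering deserves a comment, because NaN compares false against every bound so the old `d < 0 || d > 0x10ffff` guards let it reach `(int)d`, which is the undefined conversion the commit fixes; `/* NaN fails every comparison below, so it must be rejected explicitly before the (int) cast */` placed on the changed line would make the intent survive a later rewrite. The infinities are already covered by the two bound checks, and once d is within [0, 0x10ffff] the cast and the `!= d` fractional check are well defined. `isnan` needs `<math.h>`; the include is outside this hunk, so I assume it is already present in quickjs.c. The enclosing function js_string_fromCodePoint starts and ends outside the hunk.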
@@ -53968,6 +53969,7 @@ static JSValue js_typed_array_indexOf(JSContext *ctx, JSValueConst this_val,
} else
if (tag == JS_TAG_FLOAT64) {
d = JS_VALUE_GET_FLOAT64(argv[0]);
+ // XXX: should fix UB
v64 = d;
is_int = (v64 == d);
} else if (tag == JS_TAG_BIG_INT) {
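Review bot: The added `// XXX: should fix UB` leaves the conversion `v64 = d;` undefined for NaN, the infinities and any finite d outside the 64-bit range, which are all reachable here since argv[0] is script-controlled; under UBSAN this site will keep firing just like the two the commit does fix. Assuming `v64` is a 64-bit signed integer as its name suggests, the range can be checked before converting, and an out-of-range double can never equal an integer element anyway: `is_int = (d >= -9223372036854775808.0 && d < 9223372036854775808.0);` then `v64 = is_int ? d : 0;` and `is_int = is_int && (v64 == d);`. The two bounds are exactly representable as doubles and NaN fails both comparisons, so the assignment to v64 only happens when truncation cannot overflow. The enclosing function js_typed_array_indexOf starts and ends outside the hunk, so the later uses of v64 when is_int is false are not visible here.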