From 3ee7438a5ffed4187dda3054449e898e2c269ee1 Mon Sep 17 00:00:00 2001
From: Jacek Caban
Date: Thu, 3 May 2012 10:40:04 +0200
Subject: [PATCH] jscript: Better handling of to_integer result in Array.splice.
---
 dlls/jscript/array.c | 22 +++++++++++++---------
 dlls/jscript/tests/api.js | 22 ++++++++++++++++++++++
 2 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/dlls/jscript/array.c b/dlls/jscript/array.c
index fe8d7517986..e2885255ae2 100644
--- a/dlls/jscript/array.c
+++ b/dlls/jscript/array.c
@@ -853,6 +853,8 @@ static HRESULT Array_splice(script_ctx_t *ctx, vdisp_t *vthis, WORD flags, DISPP
 {
 DWORD length, start=0, delete_cnt=0, argc, i, add_args = 0;
 jsdisp_t *ret_array = NULL, *jsthis;
+ double d;
+ int n;
 VARIANT v;
 HRESULT hres = S_OK;
@@ -867,14 +869,15 @@ static HRESULT Array_splice(script_ctx_t *ctx, vdisp_t *vthis, WORD flags, DISPP
 hres = to_integer(ctx, get_arg(dp,0), ei, &v);
 if(FAILED(hres))
 return hres;
+ d = num_val(&v);
- if(V_VT(&v) == VT_I4) {
- if(V_I4(&v) >= 0)
- start = min(V_I4(&v), length);
+ if(is_int32(d)) {
+ if((n = d) >= 0)
+ start = min(n, length);
 else
- start = -V_I4(&v) > length ? 0 : length + V_I4(&v);
+ start = -n > length ? 0 : length + n;
 }else {
- start = V_R8(&v) < 0.0 ? 0 : length;
+ start = d < 0.0 ? 0 : length;
 }
 }
@@ -882,11 +885,12 @@ static HRESULT Array_splice(script_ctx_t *ctx, vdisp_t *vthis, WORD flags, DISPP
 hres = to_integer(ctx, get_arg(dp,1), ei, &v);
 if(FAILED(hres))
 return hres;
+ d = num_val(&v);
- if(V_VT(&v) == VT_I4) {
- if(V_I4(&v) > 0)
- delete_cnt = min(V_I4(&v), length-start);
- }else if(V_R8(&v) > 0.0) {
+ if(is_int32(d)) {
+ if((n = d) > 0)
+ delete_cnt = min(n, length-start);
+ }else if(d > 0.0) {
 delete_cnt = length-start;
 }
diff --git a/dlls/jscript/tests/api.js b/dlls/jscript/tests/api.js
index e81bb3f39b1..c1ae80896cd 100644
--- a/dlls/jscript/tests/api.js
+++ b/dlls/jscript/tests/api.js
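Review bot: In the second hunk of Array_splice, `start = -n > length ? 0 : length + n;` negates an `int` that can be INT_MIN. is_int32 is not shown here, but it presumably accepts -2147483648, and `-n` is then a signed overflow, which is undefined behaviour in C. The value comes straight from a script argument, so the splice start index should not depend on how the compiler treats that overflow. Doing the comparison on the double avoids it: `start = -d > length ? 0 : length + n;`. The third hunk's `delete_cnt` path never negates `n` and is not affected; Array_splice starts and ends outside these hunks.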
@@ -18,6 +18,8 @@
 var tmp, i;
+var bigInt = Math.pow(2,40);
+
 ok(ScriptEngine() === "JScript", "ScriptEngine() = " + ScriptEngine());
 ok(ScriptEngine(3) === "JScript", "ScriptEngine(3) = " + ScriptEngine(3));
 ok(ScriptEngineMajorVersion() === ScriptEngineMajorVersion(2), "ScriptEngineMajorVersion() !== ScriptEngineMajorVersion(2)");
@@ -996,6 +998,26 @@ tmp = arr.splice();
 ok(tmp.toString() == "", "arr.splice(2,-1) returned " + tmp.toString());
 ok(arr.toString() == "1,2,3,4,5", "arr.splice(2,-1) is " + arr.toString());
+arr = [1,2,3,4,5];
+tmp = arr.splice(bigInt);
+ok(tmp.toString() == "", "arr.splice(bigInt) returned " + tmp.toString());
+ok(arr.toString() == "1,2,3,4,5", "arr.splice(bigInt) is " + arr.toString());
+
+arr = [1,2,3,4,5];
+tmp = arr.splice(-bigInt);
+ok(tmp.toString() == "", "arr.splice(-bigInt) returned " + tmp.toString());
+ok(arr.toString() == "1,2,3,4,5", "arr.splice(-bigInt) is " + arr.toString());
+
+arr = [1,2,3,4,5];
+tmp = arr.splice(2, bigInt);
+ok(tmp.toString() == "3,4,5", "arr.splice(2, bigInt) returned " + tmp.toString());
+ok(arr.toString() == "1,2", "arr.splice(2, bigInt) is " + arr.toString());
+
+arr = [1,2,3,4,5];
+tmp = arr.splice(2, -bigInt);
+ok(tmp.toString() == "", "arr.splice(2, bigInt) returned " + tmp.toString());
+ok(arr.toString() == "1,2,3,4,5", "arr.splice(2, bigInt) is " + arr.toString());
+
 obj = new Object();
 obj.length = 3;
 obj[0] = 1;
--
2.11.4.GIT
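Review bot: The two assertions for `arr.splice(2, -bigInt)` in the second hunk report themselves as `arr.splice(2, bigInt)`, so a failure would point at the wrong case. The messages should read `"arr.splice(2, -bigInt) returned "` and `"arr.splice(2, -bigInt) is "`. The new cases also use only 2^40, well outside the int32 range, so the edges of the is_int32 branch in array.c stay untested. Adding calls such as `arr.splice(-2147483648)` and `arr.splice(2, 2147483648)` would cover the boundary where the integer and double paths meet.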