Bug 599188 - potential overflow in shell ShapeOf. r=jorendorff.
authorAndreas Gal <gal@mozilla.com>
Tue, 07 Dec 2010 11:17:18 -0600
changeset 58981 83858adedebcbdd7bc36d3ec526cb01aad496e38
parent 58980 5fe72e17474528e3a412a9a434c85887b78961b6
child 58982 1eceb7866d063acefe8ff1c8ef2c5ac348506985
push id1
push usershaver@mozilla.com
push dateTue, 04 Jan 2011 17:58:04 +0000
reviewersjorendorff
bugs599188
milestone2.0b8pre
Bug 599188 - potential overflow in shell ShapeOf. r=jorendorff.
js/src/shell/js.cpp
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -3387,18 +3387,18 @@ EvalInFrame(JSContext *cx, uintN argc, j
         JS_RestoreFrameChain(cx, oldfp);
 
     return ok;
 }
 
 static JSBool
 ShapeOf(JSContext *cx, uintN argc, jsval *vp)
 {
-    jsval v = JS_ARGV(cx, vp)[0];
-    if (!JSVAL_IS_OBJECT(v)) {
+    jsval v;
+    if (argc < 1 || !JSVAL_IS_OBJECT(v = JS_ARGV(cx, vp)[0])) {
         JS_ReportError(cx, "shapeOf: object expected");
         return JS_FALSE;
     }
     JSObject *obj = JSVAL_TO_OBJECT(v);
     if (!obj) {
         *vp = JSVAL_ZERO;
         return JS_TRUE;
     }