LibJS: Cast length to signed integer before subtraction
length is size_t as returned, and so subtracting from it may cause underflow. We handle this case by just casting it to a signed value, and the for loop predicate takes care of the rest.
This commit is contained in:
sin-ack
Andreas Kling
parent
3bea3f11e5
commit
ab39a94fdf
Notes:
sideshowbarker
2024-07-18 07:21:14 +09:00
Author: https://github.com/sin-ack Commit: https://github.com/SerenityOS/serenity/commit/ab39a94fdf5 Pull-request: https://github.com/SerenityOS/serenity/pull/9256 Reviewed-by: https://github.com/gunnarbeutner ✅
1 changed files with 2 additions and 2 deletions
|
|
@ -1521,7 +1521,7 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::find_last)
|
|||
|
||||
// 4. Let k be len - 1.
|
||||
// 5. Repeat, while k ≥ 0,
|
||||
for (i64 k = length - 1; k >= 0; --k) {
|
||||
for (i64 k = static_cast<i64>(length) - 1; k >= 0; --k) {
|
||||
// a. Let Pk be ! ToString(𝔽(k)).
|
||||
auto property_name = PropertyName { k };
|
||||
|
||||
|
|
@ -1570,7 +1570,7 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::find_last_index)
|
|||
|
||||
// 4. Let k be len - 1.
|
||||
// 5. Repeat, while k ≥ 0,
|
||||
for (i64 k = length - 1; k >= 0; --k) {
|
||||
for (i64 k = static_cast<i64>(length) - 1; k >= 0; --k) {
|
||||
// a. Let Pk be ! ToString(𝔽(k)).
|
||||
auto property_name = PropertyName { k };
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue