Prevent empty handle dereference in Runtime_InternalNumberFormat.

R=jochen@chromium.org BUG=chromium:275467 Review URL: https://codereview.chromium.org/22859025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Prevent empty handle dereference in Runtime_InternalNumberFormat.
R=jochen@chromium.org BUG=chromium:275467 Review URL: https://codereview.chromium.org/22859025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
665a6d8a · mstarzinger@chromium.org · 20ca26f4 · 665a6d8a
Commit 665a6d8a authored Aug 19, 2013 by mstarzinger@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

runtime.cc src/runtime.cc +2 -2

No files found.
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -13753,7 +13753,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InternalNumberFormat) {
  CONVERT_ARG_HANDLE_CHECKED(Object, number, 1);

  bool has_pending_exception = false;
-  double value = Execution::ToNumber(number, &has_pending_exception)->Number();
+  Handle<Object> value = Execution::ToNumber(number, &has_pending_exception);
  if (has_pending_exception) {
    ASSERT(isolate->has_pending_exception());
    return Failure::Exception();
@@ -13764,7 +13764,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InternalNumberFormat) {
  if (!number_format) return isolate->ThrowIllegalOperation();

  icu::UnicodeString result;
-  number_format->format(value, result);
+  number_format->format(value->Number(), result);

  return *isolate->factory()->NewStringFromTwoByte(
      Vector<const uint16_t>(