From 4501cea97b2174125bbd10e572a808e09399e9af Mon Sep 17 00:00:00 2001 From: "antonm@chromium.org" Date: Tue, 4 May 2010 17:24:41 +0000 Subject: [PATCH] Throw an exception when wrong arguments are passed into SwapElements. This runtime function should operate on elements and thus 'receiver' must be JSObject and indices should be numbers. TBR=lrm@chromium.org,ricow@chromium.org Review URL: http://codereview.chromium.org/1960001 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/runtime.cc | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/src/runtime.cc b/src/runtime.cc index 242d2ccbe4..823889aced 100644 --- a/src/runtime.cc +++ b/src/runtime.cc @@ -7777,29 +7777,23 @@ static Object* Runtime_SwapElements(Arguments args) { ASSERT_EQ(3, args.length()); - Handle object = args.at(0); + CONVERT_ARG_CHECKED(JSObject, object, 0); Handle key1 = args.at(1); Handle key2 = args.at(2); uint32_t index1, index2; - // That must be the most common case. - if (object->IsJSObject() - && Array::IndexFromObject(*key1, &index1) - && Array::IndexFromObject(*key2, &index2)) { - Handle jsobject = Handle::cast(object); - Handle tmp1 = GetElement(jsobject, index1); - Handle tmp2 = GetElement(jsobject, index2); - - SetElement(jsobject, index1, tmp2); - SetElement(jsobject, index2, tmp1); - } else { - Handle tmp1 = GetProperty(object, key1); - Handle tmp2 = GetProperty(object, key2); - - SetProperty(object, key1, tmp2, NONE); - SetProperty(object, key2, tmp1, NONE); + if (!Array::IndexFromObject(*key1, &index1) + || !Array::IndexFromObject(*key2, &index2)) { + return Top::ThrowIllegalOperation(); } + Handle jsobject = Handle::cast(object); + Handle tmp1 = GetElement(jsobject, index1); + Handle tmp2 = GetElement(jsobject, index2); + + SetElement(jsobject, index1, tmp2); + SetElement(jsobject, index2, tmp1); + return Heap::undefined_value(); }