From bd30d3aa54629d3b49a8cfe3e2767fafa3effde3 Mon Sep 17 00:00:00 2001
From: "jochen@chromium.org"
 <jochen@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Tue, 20 Aug 2013 08:17:43 +0000
Subject: [PATCH] Fix null handle deref in InternalDateFormat

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/22927014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16237 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/runtime.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/runtime.cc b/src/runtime.cc
index 34fc99d..6aafa05 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -13649,7 +13649,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InternalDateFormat) {
   CONVERT_ARG_HANDLE_CHECKED(JSDate, date, 1);
 
   bool has_pending_exception = false;
-  double millis = Execution::ToNumber(date, &has_pending_exception)->Number();
+  Handle<Object> value = Execution::ToNumber(date, &has_pending_exception);
   if (has_pending_exception) {
     ASSERT(isolate->has_pending_exception());
     return Failure::Exception();
@@ -13660,7 +13660,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InternalDateFormat) {
   if (!date_format) return isolate->ThrowIllegalOperation();
 
   icu::UnicodeString result;
-  date_format->format(millis, result);
+  date_format->format(value->Number(), result);
 
   return *isolate->factory()->NewStringFromTwoByte(
       Vector<const uint16_t>(
-- 
2.7.4