[Webkit-unassigned] [Bug 96798] New: [V8] Binding: Converting values < 2^53-1 and > 2^53-1 to long long should throw TypeError

Fri Sep 14 09:34:17 PDT 2012

https://bugs.webkit.org/show_bug.cgi?id=96798

           Summary: [V8] Binding: Converting values < 2^53-1 and > 2^53-1
                    to long long should throw TypeError
           Product: WebKit
           Version: 523.x (Safari 3)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jsbell at chromium.org
                CC: dgrogan at chromium.org, haraken at chromium.org,
                    alecflett at chromium.org

>From the WebIDL spec: http://dev.w3.org/2006/webapi/WebIDL/#es-long-long

1. If x is NaN, +∞, or −∞, then throw a TypeError.
2. Set x to sign(x) * floor(abs(x)).
3. If x < −(2^53 − 1) or x > 2^53 − 1, then throw a TypeError.
4. Return the IDL long long value that represents the same numeric value as x.

Note that there are similar cases for unsigned long long.

The binding code generator says:

return "toInt64($value)" if $type eq "unsigned long long" or $type eq "long long";

and toInt64 defined in bindings/v8/V8Binding.h is:

    inline long long toInt64(v8::Local<v8::Value> value)
    {
        return static_cast<long long>(value->IntegerValue());
    }

... so there are no guard checks. 

This causes IndexedDB to fail the test http://w3c-test.org/webapps/IndexedDB/tests/submissions/Ms2ger/idbfactory_open9.htm

We could special case this in the IDB code, or change toInt64 to incorporate the checks from WebIDL and call throwTypeError().

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.