From d337db4bb1c2bf0c0e126b842a87b20daa6f2b40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Bargull?=
Date: Mon, 6 Nov 2023 12:28:29 +0000
Subject: [PATCH] Bug 1842810: Handle number overflow in AddTimeDaysSlow. r=spidermonkey-reviewers,mgaudet
This code will likely be removed when lands.
Differential Revision: https://phabricator.services.mozilla.com/D189814
---
 js/src/builtin/temporal/PlainDateTime.cpp | 1 +
 js/src/builtin/temporal/PlainTime.cpp | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/js/src/builtin/temporal/PlainDateTime.cpp b/js/src/builtin/temporal/PlainDateTime.cpp
index a708fb8fb0e2d..5581b8a1d2650 100644
--- a/js/src/builtin/temporal/PlainDateTime.cpp
+++ b/js/src/builtin/temporal/PlainDateTime.cpp
@@ -714,6 +714,7 @@ static bool AddDateTime(JSContext* cx, const PlainDateTime& dateTime,
 // Step 4.
 Duration dateDuration = {duration.years, duration.months, duration.weeks, daysResult};
+ MOZ_ASSERT(IsValidDuration(duration));
 // Step 5.
 PlainDate addedDate;
diff --git a/js/src/builtin/temporal/PlainTime.cpp b/js/src/builtin/temporal/PlainTime.cpp
index 4c2ed62656c9b..51d3ef21d3d4b 100644
--- a/js/src/builtin/temporal/PlainTime.cpp
+++ b/js/src/builtin/temporal/PlainTime.cpp
@@ -1482,7 +1482,15 @@ static bool AddTimeDaysSlow(JSContext* cx, const PlainTime& time,
 return false;
 }
- *result = BigInt::numberValue(days);
+ // The days number is used as the input for a duration. Throw if the BigInt
+ // when converted to a Number can't be represented in a duration.
+ double daysNumber = BigInt::numberValue(days);
+ if (!ThrowIfInvalidDuration(cx, {0, 0, 0, daysNumber})) {
+ return false;
+ }
+ MOZ_ASSERT(IsInteger(daysNumber));
+
+ *result = daysNumber;
 return true;
 }
@@ -1635,6 +1643,7 @@ bool js::temporal::AddTime(JSContext* cx, const PlainTime& time,
 if (!AddTimeDays(cx, time, duration, &days)) {
 return false;
 }
+ MOZ_ASSERT(IsInteger(days));
 *result = balanced;
 *daysResult = days;
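Review bot: In the AddDateTime hunk of PlainDateTime.cpp, the added `MOZ_ASSERT(IsValidDuration(duration));` checks the caller's `duration`, not the `dateDuration` built on the preceding lines from `daysResult`. Since `daysResult` is the value the rest of this patch protects against overflow, the assertion as written would not notice an invalid day count; if that was the intent it should read `MOZ_ASSERT(IsValidDuration(dateDuration));`. MOZ_ASSERT is a debug-build check, so either way the release-build guarantee rests on the throw added in AddTimeDaysSlow. AddDateTime's body starts and ends outside the hunk, so whether `duration` is already asserted earlier cannot be seen here.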
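Review bot: In the AddTimeDaysSlow hunk of PlainTime.cpp, the new comment does not say which conversion results are rejected, nor that the BigInt-to-double conversion rounds. `BigInt::numberValue` rounds to the nearest double, so a very large `days` can become infinite, while finite values beyond 2^53 lose precision but stay integral, which is why `MOZ_ASSERT(IsInteger(daysNumber))` can hold once the validity check has passed. I would spell that out, for example `// numberValue() rounds to the nearest double and can overflow to ±Infinity; reject that here. A finite result is always integral.` The braced `{0, 0, 0, daysNumber}` presumably leaves the remaining Duration fields zero-initialised, which is worth confirming against the struct definition. The function body begins outside the hunk.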