Changeset 287546 in webkit


Timestamp:
Jan 3, 2022 9:46:10 AM (7 months ago)
Author:
ysuzuki@apple.com
Message:

[JSC] Fix Intl.PluralRules.selectRange input validation
https://bugs.webkit.org/show_bug.cgi?id=234817

Reviewed by Alexey Shvayka.

JSTests:

  • stress/intl-pluralrules-select-range-validate-inputs.js: Added.

(shouldThrow):
(Intl.PluralRules.prototype.selectRange.shouldThrow):

Source/JavaScriptCore:

Add specified argument validation[1] to Intl.PluralRules.selectRange.

[1]: https://tc39.es/proposal-intl-numberformat-v3/out/pluralrules/proposed.html#sec-intl.pluralrules.prototype.selectrange

  • runtime/IntlPluralRules.cpp:

(JSC::IntlPluralRules::selectRange const):

  • runtime/IntlPluralRulesPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

Location:
trunk
Files:
1 added
4 edited

  • trunk/JSTests/ChangeLog

    r287545 r287546  
     12022-01-03  Yusuke Suzuki  <ysuzuki@apple.com>
     2
     3        [JSC] Fix Intl.PluralRules.selectRange input validation
     4        https://bugs.webkit.org/show_bug.cgi?id=234817
     5
     6        Reviewed by Alexey Shvayka.
     7
     8        * stress/intl-pluralrules-select-range-validate-inputs.js: Added.
     9        (shouldThrow):
     10        (Intl.PluralRules.prototype.selectRange.shouldThrow):
     11
    1122022-01-03  Yusuke Suzuki  <ysuzuki@apple.com>
    213
  • trunk/Source/JavaScriptCore/ChangeLog

    r287545 r287546  
     12022-01-03  Yusuke Suzuki  <ysuzuki@apple.com>
     2
     3        [JSC] Fix Intl.PluralRules.selectRange input validation
     4        https://bugs.webkit.org/show_bug.cgi?id=234817
     5
     6        Reviewed by Alexey Shvayka.
     7
     8        Add specified argument validation[1] to Intl.PluralRules.selectRange.
     9
     10        [1]: https://tc39.es/proposal-intl-numberformat-v3/out/pluralrules/proposed.html#sec-intl.pluralrules.prototype.selectrange
     11
     12        * runtime/IntlPluralRules.cpp:
     13        (JSC::IntlPluralRules::selectRange const):
     14        * runtime/IntlPluralRulesPrototype.cpp:
     15        (JSC::JSC_DEFINE_HOST_FUNCTION):
     16
    1172022-01-03  Yusuke Suzuki  <ysuzuki@apple.com>
    218
  • trunk/Source/JavaScriptCore/runtime/IntlPluralRules.cpp

    r285730 r287546  
    280280    auto scope = DECLARE_THROW_SCOPE(vm);
    281281
    282     if (start > end) {
    283         throwRangeError(globalObject, scope, "start is larger than end"_s);
    284         return { };
    285     }
     282    if (std::isnan(start) || std::isnan(end))
     283        return throwRangeError(globalObject, scope, "Passed numbers are out of range"_s);
     284
     285    if (end < start)
     286        return throwRangeError(globalObject, scope, "start is larger than end"_s);
     287
     288    if (isNegativeZero(end) && start >= 0)
     289        return throwRangeError(globalObject, scope, "start is larger than end"_s);
    286290
    287291    UErrorCode status = U_ZERO_ERROR;
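Review bot: The third new check, isNegativeZero(end) && start >= 0, also fires when start is itself -0, because -0.0 >= 0 evaluates to true for doubles, so selectRange(-0, -0) is rejected with "start is larger than end". If equal negative-zero endpoints are meant to be accepted, add !isNegativeZero(start) to the condition; either way the added stress test should pin the (-0, -0), (0, -0) and (-0, 0) cases. The NaN branch reports "Passed numbers are out of range", which does not tell the caller that NaN was the cause; a message that names NaN would be easier to debug.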
  • trunk/Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.cpp

    r287543 r287546  
    111111        return JSValue::encode(throwTypeError(globalObject, scope, "Intl.PluralRules.prototype.selectRange called on value that's not a PluralRules"_s));
    112112
    113     double start = callFrame->argument(0).toNumber(globalObject);
     113    JSValue startValue = callFrame->argument(0);
     114    JSValue endValue = callFrame->argument(1);
     115
     116    if (startValue.isUndefined() || endValue.isUndefined())
     117        return throwVMTypeError(globalObject, scope, "start or end is undefined"_s);
     118
     119    double start = startValue.toNumber(globalObject);
    114120    RETURN_IF_EXCEPTION(scope, { });
    115121
    116     double end = callFrame->argument(1).toNumber(globalObject);
     122    double end = endValue.toNumber(globalObject);
    117123    RETURN_IF_EXCEPTION(scope, { });
    118124
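Review bot: The new undefined check returns through throwVMTypeError(...), while the receiver check directly above it returns JSValue::encode(throwTypeError(...)); use one form for both so the function reads consistently. The check also runs before either toNumber call, so any side effects of converting start are now skipped when end is undefined. That ordering is observable from script and deserves an explicit case in the added test.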