Closed
Bug 1392229
Opened 7 years ago
Closed 7 years ago
JSONs ID's getting rounded up or down
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: robert.butacu, Unassigned)
Details
Attachments
(1 file)
48.29 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Build ID: 20170814072924 Steps to reproduce: Testing my API REST GET method in the Mozilla browser ( using really large numbers like 599515301417369600, which are the IDs). Actual results: IDs are getting rounded up or rounded down depending on ID. Example : Mozilla ID: 599515301417369600 Actual ID: 599515301417369595. Mozilla ID: 5127707187431753000 Actual ID: 5127707187431752235 Expected results: I should receive the ACTUAL IDs, not IDs that are rounded up or down.
Comment 1•7 years ago
|
||
Pretty clearly not a security bug. You posted no code so it's hard to comment much more than saying "we can't help you unless you provide more detail, like a testcase or a link to your application where we can reproduce the problem". However... without any more details, if I had to guess, the problem is that you're representing these IDs as numbers, and in JavaScript, integer numbers start losing precision at some point. This is why you see the rounding. See https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Number/MAX_SAFE_INTEGER for more details. As an example, taking 2786939033769194000, if you replace the last digits with anything else (e.g. 2786939033769194123) and evaluate it in the web console in the developer tools, you'll see the same rounding. Exactly the same happens in other browsers like Google Chrome, though, because this behaviour is part of the JS spec. You can check for this behaviour by using https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger . I can only suggest you find a better representation of unique identifiers for your application (you could use strings, or you could change the IDs so they're not so large).
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•