Closed Bug 327869 Opened 19 years ago Closed 17 years ago

new Date (1899, 0).toLocaleString() causes abnormal program termination if compiled with VC 8

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.9beta2

People

(Reporter: daumling, Assigned: MatsPalmgren_bugz)

References

Details

Attachments

(3 files, 5 obsolete files)

Another attempt
6.75 KB, patch
crowderbt
: review+
mtschrep
: approval1.9+
Details | Diff | Splinter Review
a few testcases...
1.87 KB, text/plain
Details
Regression tests
6.32 KB, patch
Details | Diff | Splinter Review
Long live Microsoft! new Date (1899, 0).toLocaleString() calls PRMJ_FormatTime(), and that function uses strftime(). In VC 8, strftime() validates its parameters. PRMJ_FormatTime() sets the year to -1 (year - 1900) and Microsoft treats -1 for a year as an invalid parameter (from the online help for strftime()): This function validates its parameters. If strDest, format, or timeptr is a null pointer, or if the tm data structure addressed by timeptr is invalid (for example, if it contains out of range values for the time or date), the invalid parameter handler is invoked, as described in Parameter Validation. If execution is allowed to continue, the function returns 0 and sets errno to EINVAL. And guess what? The default invalid parameter handler terminates the program... strftime() is still 1900-based. Therefore, it cannot be used to print years prior to 1900 anymore.
Attached patch Brute-force fix (obsolete) — Splinter Review
This is a brute-force fix. If the year is < 1900, the year is replaced with the year 8099, which causes strftime() to print 9999 as the year. Afterwards, the year 9999 is replaced with the real year. Ugly, but works. Brendan, let me know if you can live with such an ugly fix.
Attachment #212531 - Flags: review?(brendan)
Comment on attachment 212531 [details] [diff] [review] Brute-force fix Hard to object -- could you comment the 8099 number a bit more? Thanks. /be
Attachment #212531 - Flags: review?(brendan) → review+
Since Brendan already granted review, this patch is just for the records. Will check in that patch today.
Attachment #212531 - Attachment is obsolete: true
Comment on attachment 212759 [details] [diff] [review] Same fix with added comments for 8099. > a.tm_mon = prtm->tm_mon; > a.tm_wday = prtm->tm_wday; >- a.tm_year = prtm->tm_year - 1900; >+ /* Use 8099 as the year if the year is < 1900. strftime() adds 1900 */ >+ /* the the year, resulting in 8099 + 1900 = 9999, which is a fine marker. */ >+ a.tm_year = badYear ? 8099 : prtm->tm_year - 1900; Nit: more consistent comment style would add a blank line, then use a major (multiline) comment: /* * Major comments look * like this. */ Note also "the the" typo. /be
Attached patch At your service... (obsolete) — Splinter Review
Attachment #212763 - Flags: review?(brendan)
Attachment #212759 - Attachment is obsolete: true
Comment on attachment 212763 [details] [diff] [review] At your service... > a.tm_wday = prtm->tm_wday; >- a.tm_year = prtm->tm_year - 1900; >+ /* >+ * Use 8099 as the year if the year is < 1900. strftime() adds 1900 >+ * the year, resulting in 8099 + 1900 = 9999, which is a fine marker. >+ */ I hate to be a nit-picker (well, actually, I don't ;-), but you forgot the blank line before the major comment, and there is still a missing "to" before the undoubled "the". /be
Attachment #212763 - Flags: review?(brendan) → review-
Attached patch No problem! (obsolete) — Splinter Review
Attachment #212763 - Attachment is obsolete: true
Attachment #212786 - Flags: review?(brendan)
Comment on attachment 212786 [details] [diff] [review] No problem! So much for Windows compatibility. Where is Raymond Chen when we need him? /be
Attachment #212786 - Flags: review?(brendan) → review+
Patch checked in (prmjtime.c #3.53)
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
The check in for this bug has caused Bug 328482. Instead of the time in local format (e.g. "18:00") "Sun Dec 31 1899 1:00:00 GMT+0100" is now displayed in Lightning and Sunbird event dialog. After backing out the patch on prmjtime.c everything displays fine again.
Blocks: 328482
(In reply to comment #10) > The check in for this bug has caused Bug 328482. Calendar/Sunbird/Lightning uses toLocaleFormat to convert a time into local format. Before this patch "new Date(0, 0, 0, 13, 14, 15, 0).toLocaleFormat('%H:%M:%S')" returned "13:14:15". After this patch "new Date(0, 0, 0, 13, 14, 15, 0).toLocaleFormat('%H:%M:%S')" returns "Sun Dec 31 1899 13:14:15 GMT+0000". Apparently the format string passed in is completely ignored now. This looks like an error in this patch to me.
Michael, I backed out your change. Sorry I missed the obvious use-case that broke. Reopening. /be
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee: general → daumling
Status: REOPENED → NEW
My patch was really silly. Fixing the whole Date.xxLocaleXxx area seems to be pretty tough, especially if you cannot use PRMJ_FormatTime(). Since ECMA says that the toLocaleString(), toLocaleDateString() and toLocaleTimeString() are implementation dependent, why not just treat them as synonyms for toString(), toDateString() and toTimeSTring() for now?
Page Info uses toLocaleString; if you really can't find a better solution I'd suggest you only fall back to toString if the year is < 1900, that shouldn't hurt Page Info.
Blocks: 354073
Attached patch Another attemptSplinter Review
Michael, hope you don't mind my intrusion. I think the basic idea of mapping the invalid years onto a valid but "fake" year and then string replace that with the real year after strftime() is done is a good approach. Note also that years above 9999 also causes termination. This patch maps invalid years to the interval 9900 + year % 100 which makes 2-digit year format (%y) also work. The patch also handles multiple occurrences, eg "%Y%Y...". Brendan, you might want to review bug 395836 at the same time.
Assignee: daumling → mats.palmgren
Attachment #212786 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #281000 - Flags: superreview?(brendan)
Attachment #281000 - Flags: review?(brendan)
Severity: major → critical
Flags: in-testsuite?
Flags: blocking1.9?
Keywords: crash
Attached file a few testcases...
Severity: critical → major
Severity: major → critical
Comment on attachment 281000 [details] [diff] [review] Another attempt No need for sr? flag requests in SpiderMonkey. /be
Attachment #281000 - Flags: superreview?(brendan)
Attachment #281000 - Flags: superreview?
Attachment #281000 - Flags: review?(crowder)
Attachment #281000 - Flags: review?(brendan)
What cases do we return invalid date for? It seems like if I use 99999 as my year, I don't get an invalid date error, but the year return by toLocalFormat comes back as 32767. Fixable? What does the spec say for this?
(In reply to comment #18) > What cases do we return invalid date for? PRMJ_FormatTime() will fail when strftime() fails (platform dependent), or when the supplied buffer is too small to hold the value -- when it fails toLocaleFormat() will use a fallback format (same result as toString()). > It seems like if I use 99999 as my year, I don't get an invalid date error, > but the year return by toLocalFormat comes back as 32767. Fixable? "new Date(99999, 0).toLocaleString()" leads to a call to PRMJ_FormatTime() with prtm->tm_year == 32767, so the error occurs earlier. The root casue seems to be that 'tm_year' is a 16-bit field: http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/js/src/prmjtime.h&rev=3.18&root=/cvsroot&mark=67#56 PRMJ_FormatTime() itself would behave well for 'tm_year' values > 32767. > What does the spec say for this? ECMA-262 15.9.5.5 says: Date.prototype.toLocaleString ( ) This function returns a string value. The contents of the string are implementation-dependent, but are intended to represent the Date in the current time zone in a convenient, human-readable form that corresponds to the conventions of the host environment's current locale. toLocaleFormat() isn't in any ECMA standard according to MDC: http://developer.mozilla.org/en/docs/index.php?title=User:Waldo:Date.toLocaleFormat&printable=yes So, I agree that clamping 99999 to 32767 is bug if the platform's strftime() and 'struct tm' can handle it... Anyway, I would prefer to handle that in a separate bug (filed bug 398485).
Attached patch Regression tests (obsolete) — Splinter Review
Regression tests, I'll add some more covering years > 32767 in bug 398485.
Attachment #283479 - Flags: review?(crowder)
Attachment #281000 - Flags: superreview?
Comment on attachment 283479 [details] [diff] [review] Regression tests Letting bc do test-case review.
Attachment #283479 - Flags: review?(crowder) → review?(bclary)
Attachment #281000 - Flags: review?(crowder) → review+
Comment on attachment 283479 [details] [diff] [review] Regression tests >Index: js/tests/js1_5/Date/toLocaleFormat.js >=================================================================== >RCS file: /cvsroot/mozilla/js/tests/js1_5/Date/toLocaleFormat.js,v >retrieving revision 1.4 >diff -p -u -1 -2 -r1.4 toLocaleFormat.js >--- js/tests/js1_5/Date/toLocaleFormat.js 26 May 2007 00:19:36 -0000 1.4 >+++ js/tests/js1_5/Date/toLocaleFormat.js 3 Oct 2007 19:49:04 -0000 >@@ -232,12 +232,143 @@ reportCompare(expect, actual, 'Date.toLo > > expect = '05'; > actual = date.toLocaleFormat('%y'); > reportCompare(expect, actual, 'Date.toLocaleFormat("%y")'); > > expect = '2005'; > actual = date.toLocaleFormat('%Y'); > reportCompare(expect, actual, 'Date.toLocaleFormat("%Y")'); > > expect = '%'; > actual = date.toLocaleFormat('%%'); > reportCompare(expect, actual, 'Date.toLocaleFormat("%%")'); >+ >+ >+expect = '1899 99'; >+temp='%Y %y'; >+actual = new Date(0, 0, 0, 13, 14, 15, 0).toLocaleFormat(temp); >+reportCompare(expect, actual, 'Date.toLocaleFormat("'+temp+'")'); >+ >+expect = '1899189918991899189918991899189918991899189918991899189918991899189918991899189918991899'; >+temp = '%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y'; >+actual = new Date(0, 0, 0, 13, 14, 15, 0).toLocaleFormat(temp); >+reportCompare(expect, actual, 'Date.toLocaleFormat("'+temp+'")'); >+ >+expect = 'xxx189918991899189918991899189918991899189918991899189918991899189918991899189918991899189918991899'; >+temp = 'xxx%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y'; >+actual = new Date(0, 0, 0, 13, 14, 15, 0).toLocaleFormat(temp); >+reportCompare(expect, actual, 'Date.toLocaleFormat("'+temp+'")'); >+ >+expect = new Date(0, 0, 0, 13, 14, 15, 0).toString();; nit: double ;; >+temp = 'xxxx%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y'; >+actual = new Date(0, 0, 0, 13, 14, 15, 0).toLocaleFormat(temp); >+reportCompare(expect, actual, 'Date.toLocaleFormat("'+temp+'")'); 1777 static JSBool 1778 date_toLocaleHelper(JSContext *cx, const char *format, jsval *vp) 1779 { 1780 JSObject *obj; 1781 char buf[100]; The 100 byte limitation on the output string is SpiderMonkey only right? Can you add a comment to that fact? r+ with those nits picked.
Attachment #283479 - Flags: review?(bclary) → review+
Attachment #281000 - Flags: approval1.9?
Attached patch Regression testsSplinter Review
(In reply to comment #22) > nit: double ;; fixed > The 100 byte limitation on the output string is SpiderMonkey only right? No, that limitation applies to all products AFAICT. E.g. the following link results in a fallback date string in Firefox: javascript:alert((new%20Date).toLocaleFormat('1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890'))
Attachment #283479 - Attachment is obsolete: true
(In reply to comment #23) > Created an attachment (id=284184) [details] > Regression tests > > (In reply to comment #22) > > nit: double ;; > > fixed Ok. thanks. > > > The 100 byte limitation on the output string is SpiderMonkey only right? > > No, that limitation applies to all products AFAICT. I'm sorry. I wasn't clear. I meant only in Mozilla's implementation rather than in IE or Opera but since neither supports toLocaleFormat it doesn't really matter. I also need to also move this test into extensions as a non-standard feature. How would I go about testing the two paths in date_toLocaleFormat where JS_FALSE is returned? Also, if I pass an object to toLocaleFormat, it will return the object unchanged. Is that a valid test? date_toLocaleFormat(JSContext *cx, uintN argc, jsval *vp) { JSString *fmt; const char *fmtbytes; if (argc == 0) return date_toLocaleString(cx, argc, vp); fmt = js_ValueToString(cx, vp[2]); if (!fmt) return JS_FALSE; vp[2] = STRING_TO_JSVAL(fmt); fmtbytes = js_GetStringBytes(cx, fmt); if (!fmtbytes) return JS_FALSE; return date_toLocaleHelper(cx, fmtbytes, vp); } I'll go ahead and check this test in when its ready. I need to segregate some of the commented out tests for bug 395836 along with checking with Norris. Norris, is this a test you would want excluded or modified for Rhino?
I've gone ahead and checked this in with some minor modifications including additional credits for Michael and Mats. Checking in toLocaleFormat.js; /cvsroot/mozilla/js/tests/js1_5/Date/toLocaleFormat.js,v <-- toLocaleFormat.js new revision: 1.5; previous revision: 1.4 I will be moving it to js1_5/extensions/ shortly. See Bug 370585 for details.
Flags: in-testsuite? → in-testsuite+
While this isn't a huge bug, I think it's worth fixing and we have what looks like a reasonable and relatively safe patch. Thus, P3
Priority: -- → P3
Attachment #281000 - Flags: approval1.9? → approval1.9+
Keywords: crashcheckin-needed
Easy fix - already has approved patch so just moving to blocking list
Flags: blocking1.9? → blocking1.9+
Checking in js/src/prmjtime.c; /cvsroot/mozilla/js/src/prmjtime.c,v <-- prmjtime.c new revision: 3.64; previous revision: 3.63 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago17 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9 M10
js1_5/extensions/toLocaleFormat-01.js verfied fixed 1.9.0 linux|mac|win
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: