integer-overflow in Date.parse not handled

RESOLVED DUPLICATE of bug 1493715

Status

()

RESOLVED DUPLICATE of bug 1493715
6 years ago
27 days ago

People

(Reporter: anba, Unassigned)

Tracking

(Blocks: 3 bugs)

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [-fsanitize=signed-integer-overflow])

(Reporter)

Description

6 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130409194949

Steps to reproduce:

test case:
js> Date.parse("Sat Jan 01 107374182499 00:00:00 GMT+0000")
915148800000

Maybe it's better to return NaN instead of 915148800000, but possibly you just close as WONTFIX, since the behaviour is implementation defined in this case. (JSC/V8/IE10/Opera do return NaN.)
Waldo, what do you think we should do here?
Flags: needinfo?(jwalden+bmo)
Given we're looking at signed integer overflow in the implementation here, which in C++ has undefined behavior, we certainly need to fix *something* here.  The exact behavior for the input string is, as comment 0 implies, not all that important, I'd agree.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(jwalden+bmo)
Whiteboard: [-fsanitize=signed-integer-overflow]

Updated

5 years ago
Blocks: 919486
Assignee: general → nobody
Component: JavaScript Engine → JavaScript: Standard Library
OS: Windows 7 → All
Hardware: x86_64 → All
(Reporter)

Updated

11 months ago
Blocks: 1284975
Status: NEW → RESOLVED
Last Resolved: 27 days ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1493715
You need to log in before you can comment on or make changes to this bug.