integer-overflow in Date.parse not handled

NEW
Unassigned

Core
JavaScript: Standard Library
5 years ago
2 years ago

People

(Reporter: anba, Unassigned)

Tracking

(Blocks: 2 bugs)

Details

(Whiteboard: [-fsanitize=signed-integer-overflow])

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130409194949

Steps to reproduce:

test case:
js> Date.parse("Sat Jan 01 107374182499 00:00:00 GMT+0000")
915148800000

Maybe it's better to return NaN instead of 915148800000, but possibly you just close as WONTFIX, since the behaviour is implementation defined in this case. (JSC/V8/IE10/Opera do return NaN.)

Waldo, what do you think we should do here?
Flags: needinfo?(jwalden+bmo)

Given we're looking at signed integer overflow in the implementation here, which in C++ has undefined behavior, we certainly need to fix *something* here. The exact behavior for the input string is, as comment 0 implies, not all that important, I'd agree.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(jwalden+bmo)
Whiteboard: [-fsanitize=signed-integer-overflow]
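
Added example, not SpiderMonkey's code and not part of any comment in this bug: a model of how a decimal digit accumulator can turn the year field 107374182499 into 99, next to a checked form that rejects the input so the caller can return NaN. It assumes the digits are accumulated into a 32-bit signed integer (the bug only says signed overflow occurs) and that a two-digit year 99 is then read as 1999, which matches 915148800000 ms = 1999-01-01T00:00:00Z. The function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Models the value a 32-bit two's-complement accumulator typically holds after
// "n = n * 10 + digit" overflows. The arithmetic is done on uint32_t, where
// wraparound is well defined, so this model itself contains no UB.
// Hypothetical helper; stops at the first non-digit.
int32_t accumulate_wrapping(const char* digits) {
    uint32_t n = 0;
    for (const char* p = digits; *p >= '0' && *p <= '9'; ++p)
        n = n * 10u + static_cast<uint32_t>(*p - '0');
    return static_cast<int32_t>(n);
}

// Checked form: refuse the input before the multiply or add can overflow.
// Returns false (caller reports an invalid date) instead of wrapping.
bool accumulate_checked(const char* digits, int32_t* out) {
    const int32_t kMax = std::numeric_limits<int32_t>::max();
    if (*digits < '0' || *digits > '9') return false;  // need at least one digit
    int32_t n = 0;
    for (const char* p = digits; *p >= '0' && *p <= '9'; ++p) {
        int32_t d = *p - '0';
        // n * 10 + d <= kMax  <=>  n <= (kMax - d) / 10 for non-negative n, d
        if (n > (kMax - d) / 10) return false;
        n = n * 10 + d;
    }
    *out = n;
    return true;
}

int main() {
    const char* year = "107374182499";  // year field from the test case in this bug
    int32_t v = 0;
    std::printf("wrapping: %d\n", static_cast<int>(accumulate_wrapping(year)));
    std::printf("checked:  %s\n",
                accumulate_checked(year, &v) ? "accepted" : "rejected");
    return 0;
}
```

Building the unchecked signed form (`int32_t n; n = n * 10 + d;`) with `-fsanitize=signed-integer-overflow`, the flag named in the whiteboard, is how this class of defect gets reported at run time.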

Updated

4 years ago
Blocks: 919486
(Assignee)

Updated

3 years ago
Assignee: general → nobody
Component: JavaScript Engine → JavaScript: Standard Library
OS: Windows 7 → All
Hardware: x86_64 → All
Blocks: 1274354