RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 04:07:44 +00:00
Code Issues Activity Actions

LibJS: Fix calculation overflow in parse_temporal_time_zone_string()

Browse source 
As all variables and numeric literals in the expression have an integral
data type, it would evaluate to an int and could easily overflow as
we're multiplying seconds with 10^9.

Introduce a floating point literal into the expression to make it result
in a double.
This commit is contained in:
Linus Groh 2022-01-12 20:03:47 +01:00
parent 323e1e17cf
commit 027e4bd439
2 changed files with 36 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Libraries/LibJS/Runtime/Temporal/AbstractOperations.cpp
View file

@ -1670,8 +1670,11 @@ ThrowCompletionOr<TemporalTimeZone> parse_temporal_time_zone_string(GlobalObject
// i. Let nanoseconds be 0.
nanoseconds = 0;
}
// i. Let offsetNanoseconds be sign × (((hours × 60 + minutes) × 60 + seconds) × 10^9 + nanoseconds).
auto offset_nanoseconds = sign * (((hours * 60 + minutes) * 60 + seconds) * 1000000000 + nanoseconds);
// NOTE: Decimal point in 10^9 is important, otherwise it's all integers and the result overflows!
auto offset_nanoseconds = sign * (((hours * 60 + minutes) * 60 + seconds) * 1000000000.0 + nanoseconds);
// j. Let offsetString be ! FormatTimeZoneOffsetString(offsetNanoseconds).
offset = format_time_zone_offset_string(offset_nanoseconds);
}