RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 13:27:34 +00:00
Code Issues Activity Actions

LibJS: Fix fraction substring in parse_time_zone_offset_string()

Browse source 
We're supposed to get the substring from `fraction`, which is guaranteed
to have the required length. `fraction_part` is the user-supplied value
and trying to get a substring view from 0-9 might crash.
This commit is contained in:
Linus Groh 2021-11-07 20:01:31 +00:00
parent df2ccb3d38
commit 68d80d239b
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Runtime/Temporal/TimeZone.cpp
View file

@ -285,7 +285,7 @@ ThrowCompletionOr<double> parse_time_zone_offset_string(GlobalObject& global_obj
auto fraction = String::formatted("{}000000000", *fraction_part);
// b. Let nanoseconds be the String value equal to the substring of fraction consisting of the code units with indices 0 (inclusive) through 9 (exclusive).
// c. Set nanoseconds to ! ToIntegerOrInfinity(nanoseconds).
nanoseconds = MUST(Value(js_string(vm, fraction_part->substring_view(0, 9))).to_integer_or_infinity(global_object));
nanoseconds = MUST(Value(js_string(vm, fraction.substring_view(0, 9))).to_integer_or_infinity(global_object));
}
// 11. Else,
else {