Bug 294815
| Summary: | [JSC] Ensure `Date.prototype.setMonth` and `Date.prototype.setUTCMonth` Respects TimeClip Range by Guarding months of GregorianDateTime Overflow | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Keita Nonaka <iKonnyaku40> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Keita Nonaka
TimeClip[1] function, as referenced in Date.prototype.setMonth[2] and
Date.prototype.setUTCMonth[3], mentions that absolute value of time must not
exceed 8.64E15 in milliseconds, otherwise returns NaN.
However, the current GregorianDateTime class represents years member variable as int.
Therefore, if the years exceeds the maximum representable int,
date calculations may produce incorrect results.
This patch adds a safeguard to ensure that such overflows are prevented
to align the behavior with the TC39 spec.
[1]: https://tc39.es/ecma262/#sec-timeclip
[2]: https://tc39.es/ecma262/#sec-date.prototype.setmonth
[3]: https://tc39.es/ecma262/#sec-date.prototype.setutcmonth
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Keita Nonaka
> However, the current GregorianDateTime class represents years member variable as int.
> Therefore, if the years exceeds the maximum representable int,
> date calculations may produce incorrect results.
should be
However, the current GregorianDateTime class represents months member variable as int.
Therefore, if the months exceeds the maximum representable int,
date calculations may produce incorrect results.
Keita Nonaka
Pull request: https://github.com/WebKit/WebKit/pull/47036
EWS
Committed 296644@main (7d717f937dac): <https://commits.webkit.org/296644@main>
Reviewed commits have been landed. Closing PR #47036 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/154347472>