Bug 40367

Summary: This issue comes with the use of BigInteger library from the link below. The issue happens only in Safari 5 32bit on mac and windows This library works fine on every other browser under 32bit. This bug is reproducible with webkit nightly in 32bit Library in use ----------- http://www-cs-students.stanford.edu/~tjw/jsbn/ Files ---- jsbn.js - basic BigInteger implementation, just enough for RSA encryption and not much more. jsbn2.js - the rest of the library, including most public BigInteger methods. Steps to Reproduce: 1] Goto http://www-cs-students.stanford.edu/~tjw/jsbn/rsa2.html This is a demo page of the above libraries. Once this page is loaded, the js files above should be in the browsers cache and usable. 2] Once the page is loaded, type this in the address bar javascript:var x = new BigInteger("10000"); var y = new BigInteger("10000"); alert(x.multiply(y)); Expected Results: All browsers on any platform: An alert popup with the value 100000000 Actual Results: Safari 5 32bit - an alert with the value 184217728 All other browsers on any platform - an alert popup with the value 100000000 Notes: A word from the author of that math library "The "am" functions are various implementations of the core inner add-and-multiply loop. There are several implementations to account for the fact that different browsers' JS engines have different bugs when doing bitwise math on large Numbers, and also vary in performance. It sounds like Safari on 32-bit systems has a bug or unexpected behavior that prevents am1 and/or am3 from working properly. The fix would be to identify what assumption am1/am3 depend on that isn't being met by that JS engine and codify it into a test that forces use of am2 under those circumstances. Thanks for the report - I will try to reproduce it on a 32-bit Windows Safari and if successful, will add the appropriate test to the next version of jsbn." Methods in question - Based on the logic below, the am3 algorithm is chosen for safari, firefox and chrome // am: Compute w_j += (x*this_i), propagate carries, // c is initial carry, returns final carry. // c < 3*dvalue, x < 2*dvalue, this_i < dvalue // We need to select the fastest one that works in this environment. // am1: use a single mult and divide to get the high bits, // max digit bits should be 26 because // max internal value = 2*dvalue^2-2*dvalue (< 2^53) function am1(i,x,w,j,c,n) { while(--n >= 0) { var v = x*this[i++]+w[j]+c; c = Math.floor(v/0x4000000); w[j++] = v&0x3ffffff; } return c; } // am2 avoids a big mult-and-extract completely. // Max digit bits should be <= 30 because we do bitwise ops // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) function am2(i,x,w,j,c,n) { var xl = x&0x7fff, xh = x>>15; while(--n >= 0) { var l = this[i]&0x7fff; var h = this[i++]>>15; var m = xh*l+h*xl; l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff); c = (l>>>30)+(m>>>15)+xh*h+(c>>>30); w[j++] = l&0x3fffffff; } return c; } // Alternately, set max digit bits to 28 since some // browsers slow down when dealing with 32-bit numbers. function am3(i,x,w,j,c,n) { var xl = x&0x3fff, xh = x>>14; while(--n >= 0) { var l = this[i]&0x3fff; var h = this[i++]>>14; var m = xh*l+h*xl; l = xl*l+((m&0x3fff)<<14)+w[j]+c; c = (l>>28)+(m>>14)+xh*h; w[j++] = l&0xfffffff; } return c; } if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) { BigInteger.prototype.am = am2; dbits = 30; } else if(j_lm && (navigator.appName != "Netscape")) { BigInteger.prototype.am = am1; dbits = 26; } else { // Mozilla/Netscape seems to prefer am3 BigInteger.prototype.am = am3; dbits = 28; <<<<<<<<<<<<<<<< changing to 30 bits fixes the issue }