RESOLVED FIXED 128740
ASSERTION FAILED: (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0) in WTF::dateToDaysFrom1970
https://bugs.webkit.org/show_bug.cgi?id=128740
Renata Hodovan
Reported 2014-02-13 05:35:15 PST
Created attachment 224058 [details] Test case

The test was run on debug efl jsc:

    function function_0() {
        new Date(6501480442020679337816440, 81696082856817131586190070, 1, 1, 1, 1, 1);
    }
    function_0();

The backtrace:

ASSERTION FAILED: (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0)
/home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/DateMath.cpp(312) : double WTF::dateToDaysFrom1970(int, int, int)
1 0x7ffff740623b WTFCrash
2 0x7ffff74090e2 WTF::dateToDaysFrom1970(int, int, int)
3 0x7ffff72d98d5 JSC::gregorianDateTimeToMS(JSC::VM&, WTF::GregorianDateTime const&, double, bool)
4 0x7ffff72ab18c JSC::constructDate(JSC::ExecState*, JSC::JSGlobalObject*, JSC::ArgList const&)
5 0x7ffff72ab24d
6 0x7ffff73e88d3
7 0x7ffff73eb7fa JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
8 0x7ffff73ebcb4 JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind)
9 0x7ffff73e8a8f
10 0x7ffff73f1664

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7406240 in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff7406240 in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1 0x00007ffff74090e2 in WTF::dateToDaysFrom1970 (year=-2147483648, month=0, day=1) at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/DateMath.cpp:312
#2 0x00007ffff72d98d5 in JSC::gregorianDateTimeToMS (vm=..., t=..., milliSeconds=1, inputIsUTC=false) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/JSDateMath.cpp:193
#3 0x00007ffff72ab18c in JSC::constructDate (exec=0x7fffffffcb90, globalObject=0x7ffff7f2f970, args=...) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/DateConstructor.cpp:170
#4 0x00007ffff72ab24d in JSC::constructWithDateConstructor (exec=0x7fffffffcb90) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/DateConstructor.cpp:180
#5 0x00007ffff73e88d3 in JSC::LLInt::handleHostCall (execCallee=0x7fffffffcb90, pc=0x680358, callee=..., kind=JSC::CodeForConstruct) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1050
#6 0x00007ffff73eb7fa in JSC::LLInt::setUpCall (execCallee=0x7fffffffcb90, pc=0x680358, kind=JSC::CodeForConstruct, calleeAsValue=..., callLinkInfo=0x67fee0) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1071
#7 0x00007ffff73ebcb4 in JSC::LLInt::genericCall (exec=0x7fffffffcc10, pc=0x680358, kind=JSC::CodeForConstruct) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1137
#8 0x00007ffff73e8a8f in JSC::LLInt::llint_slow_path_construct (exec=0x7fffffffcc10, pc=0x680358) at /home/reni2/data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1149
#9 0x00007ffff73f1664 in llint_op_construct () from /home/reni2/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#10 0x00007fffffffcc10 in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb)
Attachments
Test case (127 bytes, text/plain)
2014-02-13 05:35 PST, Renata Hodovan
no flags
Proposed patch (2.69 KB, patch)
2014-02-17 07:42 PST, Dániel Bátyai
buildbot: commit-queue-
Archive of layout-test-results from webkit-ews-08 for mac-mountainlion (569.34 KB, application/zip)
2014-02-17 09:00 PST, Build Bot
no flags
Archive of layout-test-results from webkit-ews-06 for mac-mountainlion (617.50 KB, application/zip)
2014-02-17 09:14 PST, Build Bot
no flags
Archive of layout-test-results from webkit-ews-14 for mac-mountainlion-wk2 (466.82 KB, application/zip)
2014-02-17 09:32 PST, Build Bot
no flags
Proposed patch (6.83 KB, patch)
2014-02-19 09:59 PST, Dániel Bátyai
no flags
Proposed patch (6.88 KB, patch)
2014-02-19 10:07 PST, Dániel Bátyai
no flags
Dániel Bátyai
Comment 1 2014-02-17 07:42:07 PST
Created attachment 224367 [details] Proposed patch
Renata Hodovan
Comment 2 2014-02-17 07:46:06 PST
You should add a test case demonstrating the bug and a somewhat longer description of the fix.
Build Bot
Comment 3 2014-02-17 09:00:12 PST
Comment on attachment 224367 [details] Proposed patch

Attachment 224367 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/4958940718694400

New failing tests:
js/date-constructor.html
js/date-toisostring.html
platform/mac/fast/AppleScript/date.html
js/date-utc-timeclip.html
Build Bot
Comment 4 2014-02-17 09:00:14 PST
Created attachment 224383 [details] Archive of layout-test-results from webkit-ews-08 for mac-mountainlion

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-08
Port: mac-mountainlion
Platform: Mac OS X 10.8.5
Build Bot
Comment 5 2014-02-17 09:14:26 PST
Comment on attachment 224367 [details] Proposed patch

Attachment 224367 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/5059838493065216

New failing tests:
js/date-constructor.html
js/date-toisostring.html
platform/mac/fast/AppleScript/date.html
js/date-utc-timeclip.html
Build Bot
Comment 6 2014-02-17 09:14:28 PST
Created attachment 224385 [details] Archive of layout-test-results from webkit-ews-06 for mac-mountainlion

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-06
Port: mac-mountainlion
Platform: Mac OS X 10.8.5
Build Bot
Comment 7 2014-02-17 09:32:02 PST
Comment on attachment 224367 [details] Proposed patch

Attachment 224367 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/5575685137498112

New failing tests:
js/date-constructor.html
js/date-toisostring.html
js/date-utc-timeclip.html
Build Bot
Comment 8 2014-02-17 09:32:06 PST
Created attachment 224387 [details] Archive of layout-test-results from webkit-ews-14 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-14
Port: mac-mountainlion-wk2
Platform: Mac OS X 10.8.5
Dániel Bátyai
Comment 9 2014-02-19 09:59:04 PST
Created attachment 224645 [details] Proposed patch

Very large numbers could cause an overflow which resulted in the assertion failing in WTF::dateToDaysFrom1970. The patch makes DateConstructor check if the number fits into an Int32 before casting.
WebKit Commit Bot
Comment 10 2014-02-19 10:01:17 PST
Attachment 224645 [details] did not pass style-queue:

ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:151: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:152: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:153: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:154: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:155: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:156: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:157: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:230: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:231: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:232: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:233: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:234: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:235: Missing spaces around < [whitespace/operators] [3]
ERROR: Source/JavaScriptCore/runtime/DateConstructor.cpp:236: Missing spaces around < [whitespace/operators] [3]
Total errors found: 14 in 5 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Dániel Bátyai
Comment 11 2014-02-19 10:07:20 PST
Created attachment 224648 [details] Proposed patch

Very large numbers could cause an overflow which resulted in the assertion failing in WTF::dateToDaysFrom1970. The patch makes DateConstructor check if the number fits into an Int32 before casting.
Dániel Bátyai
Comment 12 2014-02-19 10:10:32 PST
Comment on attachment 224648 [details] Proposed patch

Very large numbers could cause an overflow which resulted in the assertion failing in WTF::dateToDaysFrom1970. The patch makes DateConstructor check if the number fits into an Int32 before casting.
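As an added illustration of the defect described in comments 9, 11 and 12 (this is my own simplified model, not WebKit's DateConstructor or DateMath code, and the helper names are hypothetical): an out-of-range double narrowed to int is undefined behaviour and on x86-64 produces INT32_MIN, which then breaks the sign invariant asserted in WTF::dateToDaysFrom1970. The range check below mirrors the fix's idea, rejecting any Date component that does not fit Int32 and yielding NaN (an invalid Date) instead, and the day computation is done in double arithmetic so that even INT32_MIN cannot overflow.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Hypothetical range check modelled on the fix described in the bug: a JS number is
// narrowed to Int32 only if it is finite and lies within [INT32_MIN, INT32_MAX].
// Casting an out-of-range double to int is undefined behaviour in C++; on x86-64 the
// conversion yields INT32_MIN, which is the year=-2147483648 seen in the backtrace.
bool fitsInInt32(double v, int32_t& out)
{
    const double lo = std::numeric_limits<int32_t>::min();
    const double hi = std::numeric_limits<int32_t>::max();
    if (!std::isfinite(v) || v < lo || v > hi)
        return false;
    out = static_cast<int32_t>(v);
    return true;
}

// Days from 1970-01-01 to January 1 of `year`, using the same 4/100/400 rule as
// WTF::daysFrom1970ToYear but in double arithmetic, so `year - 1970` cannot overflow
// and the result keeps the sign of (year - 1970), which the WTF assertion requires.
double daysFrom1970ToYear(int64_t year)
{
    const double y = static_cast<double>(year);
    const double yearMinusOne = y - 1;
    return 365.0 * (y - 1970)
        + (std::floor(yearMinusOne / 4.0) - 1970 / 4)
        - (std::floor(yearMinusOne / 100.0) - 1970 / 100)
        + (std::floor(yearMinusOne / 400.0) - 1970 / 400);
}

// Returns days since 1970-01-01 for (year, month, day) taken from untrusted JS
// arguments (month is zero-based, as in Date), or NaN, i.e. an invalid Date,
// when a component does not fit Int32. Own simplified model, not WebKit's code.
double daysFrom1970(double yearArg, double monthArg, double dayArg)
{
    static const int cumulativeDays[12] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
    int32_t year, month, day;
    if (!fitsInInt32(yearArg, year) || !fitsInInt32(monthArg, month) || !fitsInInt32(dayArg, day))
        return std::numeric_limits<double>::quiet_NaN();
    // Fold whole years out of the month with floor semantics so negative months work.
    int64_t y = static_cast<int64_t>(year) + month / 12;
    month %= 12;
    if (month < 0) { month += 12; --y; }
    const bool leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    const double yearday = daysFrom1970ToYear(y);
    const int monthday = cumulativeDays[month] + (leap && month > 1 ? 1 : 0);
    return yearday + monthday + day - 1;
}
```

The two huge arguments from the attached test case go through the NaN path, while ordinary dates still produce the expected day counts.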
Geoffrey Garen
Comment 13 2014-02-19 10:34:34 PST
Comment on attachment 224648 [details] Proposed patch r=me
WebKit Commit Bot
Comment 14 2014-02-19 10:53:12 PST
Comment on attachment 224648 [details] Proposed patch

Clearing flags on attachment: 224648
Committed r164373: <http://trac.webkit.org/changeset/164373>
WebKit Commit Bot
Comment 15 2014-02-19 10:53:15 PST
All reviewed patches have been landed. Closing bug.