RESOLVED FIXED 234817
[JSC] Fix Intl.PluralRules.selectRange input validation 
https://bugs.webkit.org/show_bug.cgi?id=234817
Summary [JSC] Fix Intl.PluralRules.selectRange input validation
Yusuke Suzuki
Reported 2022-01-03 06:45:17 PST
[JSC] Fix Intl.PluralRules.selectRange input validation
Attachments
Patch (5.73 KB, patch)
2022-01-03 06:45 PST, Yusuke Suzuki 		ashvayka: review+
ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (5.74 KB, patch)
2022-01-03 09:17 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2022-01-03 06:45:56 PST
Created attachment 448230 [details] Patch
Alexey Shvayka
Comment 2 2022-01-03 08:26:30 PST
Comment on attachment 448230 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=448230&action=review > Source/JavaScriptCore/ChangeLog:8 > + Add specified argument validation to Intl.PluralRules.selectRange. Should we include a spec link (https://tc39.es/proposal-intl-numberformat-v3/out/pluralrules/proposed.html#sec-intl.pluralrules.prototype.selectrange)? It's a bit non-trivial to find. > Source/JavaScriptCore/runtime/IntlPluralRules.cpp:288 > + if (isNegativeZero(end) && start >= 0) Hmm, this is interesting: spec's numeric operators (< / <= / > / >=) for Number should "refer to the relevant operations within IEEE 754-2019" (paragraph 3 of https://tc39.es/ecma262/multipage/notational-conventions.html#sec-mathematical-operations). Does the IEEE 754 differentiate between -0 and 0 in comparison operators? Comparing `-0.0 < 0.0` C++ doubles yields `false`.
Yusuke Suzuki
Comment 3 2022-01-03 09:11:38 PST
Comment on attachment 448230 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=448230&action=review >> Source/JavaScriptCore/ChangeLog:8 >> + Add specified argument validation to Intl.PluralRules.selectRange. > > Should we include a spec link (https://tc39.es/proposal-intl-numberformat-v3/out/pluralrules/proposed.html#sec-intl.pluralrules.prototype.selectrange)? It's a bit non-trivial to find. Nice, added. >> Source/JavaScriptCore/runtime/IntlPluralRules.cpp:288 >> + if (isNegativeZero(end) && start >= 0) > > Hmm, this is interesting: spec's numeric operators (< / <= / > / >=) for Number should "refer to the relevant operations within IEEE 754-2019" (paragraph 3 of https://tc39.es/ecma262/multipage/notational-conventions.html#sec-mathematical-operations). > Does the IEEE 754 differentiate between -0 and 0 in comparison operators? Comparing `-0.0 < 0.0` C++ doubles yields `false`. This is aligned to Intl.NumberFormat.formatRange implementation, and IIRC, there is a test for this in test262. And ICU can distinguish -0 and +0, so I think we should check that here for the sane semantics.
Yusuke Suzuki
Comment 4 2022-01-03 09:17:44 PST
Created attachment 448247 [details] Patch
EWS
Comment 5 2022-01-03 09:47:24 PST
Committed r287546 (245681@main): <https://commits.webkit.org/245681@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 448247 [details].
Radar WebKit Bug Importer
Comment 6 2022-01-03 09:48:19 PST
<rdar://problem/87068803>
Note You need to log in before you can comment on or make changes to this bug.