mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 04:05:32 +00:00
Bug 1551128 - Limit result bit length in BigInt.asUintN on negative values r=jwalden
Differential Revision: https://phabricator.services.mozilla.com/D30874 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
948ce99bd1
commit
fe1a14680c
6
js/src/jit-test/tests/bigint/bug1551128.js
Normal file
6
js/src/jit-test/tests/bigint/bug1551128.js
Normal file
@ -0,0 +1,6 @@
|
||||
load(libdir + "asserts.js");
|
||||
|
||||
assertEq(BigInt.asUintN(32, -1n), 0xffffffffn);
|
||||
assertThrowsInstanceOf(() => BigInt.asUintN(2**32 - 1, -1n), RangeError);
|
||||
assertThrowsInstanceOf(() => BigInt.asUintN(2**32, -1n), RangeError);
|
||||
assertThrowsInstanceOf(() => BigInt.asUintN(2**53 - 1, -1n), RangeError);
|
@ -2244,6 +2244,12 @@ BigInt* BigInt::truncateAndSubFromPowerOfTwo(JSContext* cx, HandleBigInt x,
|
||||
MOZ_ASSERT(bits != 0);
|
||||
MOZ_ASSERT(!x->isZero());
|
||||
|
||||
if (bits > MaxBitLength) {
|
||||
JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
|
||||
JSMSG_BIGINT_TOO_LARGE);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
size_t resultLength = CeilDiv(bits, DigitBits);
|
||||
RootedBigInt result(cx,
|
||||
createUninitialized(cx, resultLength, resultNegative));
|
||||
|
@ -204,10 +204,11 @@ class BigInt final : public js::gc::TenuredCell {
|
||||
static_assert(DigitBits == 32 || DigitBits == 64,
|
||||
"Unexpected BigInt Digit size");
|
||||
|
||||
// The maximum number of digits that the current implementation supports
|
||||
// would be 0x7fffffff / DigitBits. However, we use a lower limit for now,
|
||||
// because raising it later is easier than lowering it. Support up to 1
|
||||
// million bits.
|
||||
// Limit the size of bigint values to 1 million bits, to prevent excessive
|
||||
// memory usage. This limit may be raised in the future if needed. Note
|
||||
// however that there are many parts of the implementation that rely on being
|
||||
// able to count and index bits using a 32-bit signed ints, so until those
|
||||
// sites are fixed, the practical limit is 0x7fffffff bits.
|
||||
static constexpr size_t MaxBitLength = 1024 * 1024;
|
||||
static constexpr size_t MaxDigitLength = MaxBitLength / DigitBits;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user