mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 04:05:32 +00:00
Bug 1551128 - Limit result bit length in BigInt.asUintN on negative values r=jwalden
Differential Revision: https://phabricator.services.mozilla.com/D30874 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
948ce99bd1
commit
fe1a14680c
6
js/src/jit-test/tests/bigint/bug1551128.js
Normal file
6
js/src/jit-test/tests/bigint/bug1551128.js
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
load(libdir + "asserts.js");
|
||||||
|
|
||||||
|
assertEq(BigInt.asUintN(32, -1n), 0xffffffffn);
|
||||||
|
assertThrowsInstanceOf(() => BigInt.asUintN(2**32 - 1, -1n), RangeError);
|
||||||
|
assertThrowsInstanceOf(() => BigInt.asUintN(2**32, -1n), RangeError);
|
||||||
|
assertThrowsInstanceOf(() => BigInt.asUintN(2**53 - 1, -1n), RangeError);
|
@ -2244,6 +2244,12 @@ BigInt* BigInt::truncateAndSubFromPowerOfTwo(JSContext* cx, HandleBigInt x,
|
|||||||
MOZ_ASSERT(bits != 0);
|
MOZ_ASSERT(bits != 0);
|
||||||
MOZ_ASSERT(!x->isZero());
|
MOZ_ASSERT(!x->isZero());
|
||||||
|
|
||||||
|
if (bits > MaxBitLength) {
|
||||||
|
JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
|
||||||
|
JSMSG_BIGINT_TOO_LARGE);
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
|
|
||||||
size_t resultLength = CeilDiv(bits, DigitBits);
|
size_t resultLength = CeilDiv(bits, DigitBits);
|
||||||
RootedBigInt result(cx,
|
RootedBigInt result(cx,
|
||||||
createUninitialized(cx, resultLength, resultNegative));
|
createUninitialized(cx, resultLength, resultNegative));
|
||||||
|
@ -204,10 +204,11 @@ class BigInt final : public js::gc::TenuredCell {
|
|||||||
static_assert(DigitBits == 32 || DigitBits == 64,
|
static_assert(DigitBits == 32 || DigitBits == 64,
|
||||||
"Unexpected BigInt Digit size");
|
"Unexpected BigInt Digit size");
|
||||||
|
|
||||||
// The maximum number of digits that the current implementation supports
|
// Limit the size of bigint values to 1 million bits, to prevent excessive
|
||||||
// would be 0x7fffffff / DigitBits. However, we use a lower limit for now,
|
// memory usage. This limit may be raised in the future if needed. Note
|
||||||
// because raising it later is easier than lowering it. Support up to 1
|
// however that there are many parts of the implementation that rely on being
|
||||||
// million bits.
|
// able to count and index bits using a 32-bit signed ints, so until those
|
||||||
|
// sites are fixed, the practical limit is 0x7fffffff bits.
|
||||||
static constexpr size_t MaxBitLength = 1024 * 1024;
|
static constexpr size_t MaxBitLength = 1024 * 1024;
|
||||||
static constexpr size_t MaxDigitLength = MaxBitLength / DigitBits;
|
static constexpr size_t MaxDigitLength = MaxBitLength / DigitBits;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user