https://www.w3.org/Bugs/Public/show_bug.cgi?id=23140
Bug ID: 23140 Summary: Further Boundary Checking is Necessary on Slice Calls Classification: Unclassified Product: WebAppsWG Version: unspecified Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: File API Assignee: a...@mozilla.com Reporter: a...@mozilla.com QA Contact: public-webapps-bugzi...@w3.org CC: public-webapps@w3.org https://bugzilla.mozilla.org/show_bug.cgi?id=906413 showcases a slice call on a Blob of size 4 of the sort: slice(0, Number.MAX_SIZE) on which on Fx returns a Blob of size 0, but only because of the 'long long' threshold being reached. This bug is to introduce further boundary checks on slice calls, disallowing a slice bigger than the original blob for example. -- You are receiving this mail because: You are on the CC list for the bug.