Title: [203376] trunk/Source
- Revision
- 203376
- Author
- msab...@apple.com
- Date
- 2016-07-18 15:20:50 -0700 (Mon, 18 Jul 2016)
Log Message
ASSERTION FAILED: : (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0) -- WTF/wtf/DateMath.cpp
https://bugs.webkit.org/show_bug.cgi?id=159883
Reviewed by Filip Pizlo.
Source/_javascript_Core:
New test.
* tests/stress/regress-159883.js: Added.
Source/WTF:
The function daysFrom1970ToYear() takes an integer year and returns a double result.
The calculation uses 1970 as a baseline year and subtracts 1970 from the argument year.
It does that subtraction using integer arithmetic, which given negative years close to
INT_MIN can underflow as a result of subtracting 1970. Since we want a double result,
the fix is to cast year as a double before the subtraction, which eliminates the underflow.
* wtf/DateMath.cpp:
(WTF::daysFrom1970ToYear):
Modified Paths
Added Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (203375 => 203376)
--- trunk/Source/_javascript_Core/ChangeLog 2016-07-18 21:33:45 UTC (rev 203375)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-07-18 22:20:50 UTC (rev 203376)
@@ -1,3 +1,14 @@
+2016-07-18 Michael Saboff <msab...@apple.com>
+
+ ASSERTION FAILED: : (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0) -- WTF/wtf/DateMath.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=159883
+
+ Reviewed by Filip Pizlo.
+
+ New test.
+
+ * tests/stress/regress-159883.js: Added.
+
2016-07-12 Filip Pizlo <fpi...@apple.com>
MarkedBlocks should know that they can be used for more than JSCells
Added: trunk/Source/_javascript_Core/tests/stress/regress-159883.js (0 => 203376)
--- trunk/Source/_javascript_Core/tests/stress/regress-159883.js (rev 0)
+++ trunk/Source/_javascript_Core/tests/stress/regress-159883.js 2016-07-18 22:20:50 UTC (rev 203376)
@@ -0,0 +1,5 @@
+// Regression test for 159883. This test should not crash or throw an exception.
+
+d = new Date(-0x80000000, 42);
+if (d.toString() != "Invalid Date")
+ throw "Expected \"Invalid Date\", but got :\"" + d + "\"";
Modified: trunk/Source/WTF/ChangeLog (203375 => 203376)
--- trunk/Source/WTF/ChangeLog 2016-07-18 21:33:45 UTC (rev 203375)
+++ trunk/Source/WTF/ChangeLog 2016-07-18 22:20:50 UTC (rev 203376)
@@ -1,3 +1,19 @@
+2016-07-18 Michael Saboff <msab...@apple.com>
+
+ ASSERTION FAILED: : (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0) -- WTF/wtf/DateMath.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=159883
+
+ Reviewed by Filip Pizlo.
+
+ The function daysFrom1970ToYear() takes an integer year and returns a double result.
+ The calculation uses 1970 as a baseline year and subtracts 1970 from the argument year.
+ It does that subtraction using integer arithmetic, which given negative years close to
+ INT_MIN can underflow as a result of subtracting 1970. Since we want a double result,
+ the fix is to cast year as a double before the subtraction, which eliminates the underflow.
+
+ * wtf/DateMath.cpp:
+ (WTF::daysFrom1970ToYear):
+
2016-07-17 Filip Pizlo <fpi...@apple.com>
RegisterSet should use a Bitmap instead of a BitVector so that it never allocates memory and is trivial to copy
Modified: trunk/Source/WTF/wtf/DateMath.cpp (203375 => 203376)
--- trunk/Source/WTF/wtf/DateMath.cpp 2016-07-18 21:33:45 UTC (rev 203375)
+++ trunk/Source/WTF/wtf/DateMath.cpp 2016-07-18 22:20:50 UTC (rev 203376)
@@ -164,7 +164,7 @@
const double yearsToExcludeBy100Rule = floor(yearMinusOne / 100.0) - excludedLeapDaysBefore1971By100Rule;
const double yearsToAddBy400Rule = floor(yearMinusOne / 400.0) - leapDaysBefore1971By400Rule;
- return 365.0 * (year - 1970) + yearsToAddBy4Rule - yearsToExcludeBy100Rule + yearsToAddBy400Rule;
+ return 365.0 * (year - 1970.0) + yearsToAddBy4Rule - yearsToExcludeBy100Rule + yearsToAddBy400Rule;
}
double msToDays(double ms)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
