Title: [274946] trunk/Source/WTF
- Revision
- 274946
- Author
- cdu...@apple.com
- Date
- 2021-03-24 10:31:28 -0700 (Wed, 24 Mar 2021)
Log Message
Address undefined behavior found by UBSan in DateMath.h
https://bugs.webkit.org/show_bug.cgi?id=223663
Reviewed by Darin Adler.
Address undefined behavior found by UBSan in DateMath.h
Release/usr/local/include/wtf/DateMath.h:247:39: runtime error: nan is outside the range of representable values of type 'int'
Release/usr/local/include/wtf/DateMath.h:221:29: runtime error: nan is outside the range of representable values of type 'int'
Release/usr/local/include/wtf/DateMath.h:165:38: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
* wtf/DateMath.h:
(WTF::daysFrom1970ToYear):
Cast year to a double *before* substracting 1 instead of *after*. This works around the fact that INT_MIN-1 would not
fit in an int and would be undefined behavior.
(WTF::dayInYear):
(WTF::msToYear):
Deal with the double potentially being NaN before casting to an int, since
casting NaN to an int type has undefined behavior.
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (274945 => 274946)
--- trunk/Source/WTF/ChangeLog 2021-03-24 17:29:02 UTC (rev 274945)
+++ trunk/Source/WTF/ChangeLog 2021-03-24 17:31:28 UTC (rev 274946)
@@ -1,3 +1,25 @@
+2021-03-24 Chris Dumez <cdu...@apple.com>
+
+ Address undefined behavior found by UBSan in DateMath.h
+ https://bugs.webkit.org/show_bug.cgi?id=223663
+
+ Reviewed by Darin Adler.
+
+ Address undefined behavior found by UBSan in DateMath.h
+ Release/usr/local/include/wtf/DateMath.h:247:39: runtime error: nan is outside the range of representable values of type 'int'
+ Release/usr/local/include/wtf/DateMath.h:221:29: runtime error: nan is outside the range of representable values of type 'int'
+ Release/usr/local/include/wtf/DateMath.h:165:38: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
+
+ * wtf/DateMath.h:
+ (WTF::daysFrom1970ToYear):
+ Cast year to a double *before* substracting 1 instead of *after*. This works around the fact that INT_MIN-1 would not
+ fit in an int and would be undefined behavior.
+
+ (WTF::dayInYear):
+ (WTF::msToYear):
+ Deal with the double potentially being NaN before casting to an int, since
+ casting NaN to an int type has undefined behavior.
+
2021-03-23 Dean Jackson <y...@apple.com>
Enable Metal ANGLE backend for WebGL
Modified: trunk/Source/WTF/wtf/DateMath.h (274945 => 274946)
--- trunk/Source/WTF/wtf/DateMath.h 2021-03-24 17:29:02 UTC (rev 274945)
+++ trunk/Source/WTF/wtf/DateMath.h 2021-03-24 17:31:28 UTC (rev 274946)
@@ -162,7 +162,7 @@
static constexpr int excludedLeapDaysBefore1971By100Rule = 1970 / 100;
static constexpr int leapDaysBefore1971By400Rule = 1970 / 400;
- const double yearMinusOne = year - 1;
+ const double yearMinusOne = static_cast<double>(year) - 1;
const double yearsToAddBy4Rule = floor(yearMinusOne / 4.0) - leapDaysBefore1971By4Rule;
const double yearsToExcludeBy100Rule = floor(yearMinusOne / 100.0) - excludedLeapDaysBefore1971By100Rule;
const double yearsToAddBy400Rule = floor(yearMinusOne / 400.0) - leapDaysBefore1971By400Rule;
@@ -218,7 +218,8 @@
inline int dayInYear(double ms, int year)
{
- return static_cast<int>(msToDays(ms) - daysFrom1970ToYear(year));
+ double result = msToDays(ms) - daysFrom1970ToYear(year);
+ return std::isnan(result) ? 0 : static_cast<int>(result);
}
inline int dayInYear(TimeClippedPositiveMilliseconds ms, int year)
@@ -244,7 +245,10 @@
inline int msToYear(double ms)
{
- int approxYear = static_cast<int>(floor(ms / (msPerDay * 365.2425)) + 1970);
+ double msAsYears = std::floor(ms / (msPerDay * 365.2425));
+ if (std::isnan(msAsYears))
+ msAsYears = 0;
+ int approxYear = static_cast<int>(msAsYears + 1970);
double msFromApproxYearTo1970 = msPerDay * daysFrom1970ToYear(approxYear);
if (msFromApproxYearTo1970 > ms)
return approxYear - 1;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
