Check for integer overflow when validating API function arguments.

BUG=65874 TEST=Added API test. Review URL: http://codereview.chromium.org/7042021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86343 0039d316-1c4b-4281-b951-d872f2087c98
author: bolms@chromium.org <bolms@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-05-23 21:38:24 +0000
committer: bolms@chromium.org <bolms@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-05-23 21:38:24 +0000
commit: e7f90569caeddb4ccf203fdc8b453da8437c4346 (patch)
tree: adf26ac58ff59abd1eaa39afbddb464aa3390e97
parent: 33bb16efa9e0c384d7b15b41fbffac3c62aebd13 (diff)
download: chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.zip
chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.tar.gz
chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.tar.bz2
6 files changed, 59 insertions, 3 deletions
diff --git a/chrome/browser/extensions/window_open_apitest.cc b/chrome/browser/extensions/window_open_apitest.cc
index edd13b8..3cd1608 100644
--- a/chrome/browser/extensions/window_open_apitest.cc
+++ b/chrome/browser/extensions/window_open_apitest.cc
@@ -100,6 +100,10 @@ IN_PROC_BROWSER_TEST_F(ExtensionApiTest, WindowOpenFocus) {
 }
 #endif
 
+IN_PROC_BROWSER_TEST_F(ExtensionApiTest, WindowArgumentsOverflow) {
+  ASSERT_TRUE(RunExtensionTest("window_open/argument_overflow")) << message_;
+}
+
 class WindowOpenPanelTest : public ExtensionApiTest {
   virtual void SetUpCommandLine(CommandLine* command_line) {
     ExtensionApiTest::SetUpCommandLine(command_line);
diff --git a/chrome/renderer/extensions/json_schema_unittest.cc b/chrome/renderer/extensions/json_schema_unittest.cc
index d34385b..a932153 100644
--- a/chrome/renderer/extensions/json_schema_unittest.cc
+++ b/chrome/renderer/extensions/json_schema_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -83,6 +83,10 @@ TEST_F(JsonSchemaTest, TestNumber) {
   TestFunction("testNumber");
 }
 
+TEST_F(JsonSchemaTest, TestIntegerBounds) {
+  TestFunction("testIntegerBounds");
+}
+
 TEST_F(JsonSchemaTest, TestType) {
   TestFunction("testType");
 }
diff --git a/chrome/renderer/resources/json_schema.js b/chrome/renderer/resources/json_schema.js
index caac22b..8f588b2 100644
--- a/chrome/renderer/resources/json_schema.js
+++ b/chrome/renderer/resources/json_schema.js
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -75,6 +75,7 @@ chromeHidden.JSONSchemaValidator.messages = {
   numberFiniteNotNan: "Value must not be *.",
   numberMinValue: "Value must not be less than *.",
   numberMaxValue: "Value must not be greater than *.",
+  numberIntValue: "Value must fit in a 32-bit signed integer.",
   numberMaxDecimal: "Value must not have more than * decimal places.",
   invalidType: "Expected '*' but got '*'.",
   invalidChoice: "Value does not match any valid type choices.",
@@ -410,6 +411,10 @@ chromeHidden.JSONSchemaValidator.prototype.validateNumber = function(
   if (schema.maximum && instance > schema.maximum)
     this.addError(path, "numberMaxValue", [schema.maximum]);
 
+  // Check for integer values outside of -2^31..2^31-1.
+  if (schema.type === "integer" && (instance | 0) !== instance)
+    this.addError(path, "numberIntValue", []);
+
   if (schema.maxDecimal && instance * Math.pow(10, schema.maxDecimal) % 1)
     this.addError(path, "numberMaxDecimal", [schema.maxDecimal]);
 };
diff --git a/chrome/test/data/extensions/api_test/window_open/argument_overflow/manifest.json b/chrome/test/data/extensions/api_test/window_open/argument_overflow/manifest.json
new file mode 100644
index 0000000..dec1e69
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/window_open/argument_overflow/manifest.json
@@ -0,0 +1,7 @@
+{
+  "name": "window/argument overflow",
+  "version": "0.1",
+  "description": "Tests window.create with arguments that do not fit in an int32.",
+  "background_page": "test.html",
+  "permissions": ["tabs"]
+}
diff --git a/chrome/test/data/extensions/api_test/window_open/argument_overflow/test.html b/chrome/test/data/extensions/api_test/window_open/argument_overflow/test.html
new file mode 100644
index 0000000..468ea4f
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/window_open/argument_overflow/test.html
@@ -0,0 +1,17 @@
+<script>
+function check_overflow_check(value) {
+  try {
+    chrome.windows.create({ "left": value }, function() { });
+  } catch (e) {
+    chrome.test.assertTrue(e.message.indexOf(
+        "Value must fit in a 32-bit signed integer.") != -1);
+    chrome.test.succeed();
+    return;
+  }
+}
+chrome.test.runTests([
+  function overflow2To31() { check_overflow_check(0x80000000); },
+  function overflowMinus2To31Minus1() { check_overflow_check(-0x80000001); },
+  function overflow2To32() { check_overflow_check(0x100000000); },
+]);
+</script>
diff --git a/chrome/test/data/extensions/json_schema_test.js b/chrome/test/data/extensions/json_schema_test.js
index ee17ec6..e66442f 100644
--- a/chrome/test/data/extensions/json_schema_test.js
+++ b/chrome/test/data/extensions/json_schema_test.js
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -421,6 +421,25 @@ function testNumber() {
                  ]);
 }
 
+function testIntegerBounds() {
+  assertValid("Number",           0, {type:"integer"});
+  assertValid("Number",          -1, {type:"integer"});
+  assertValid("Number",  2147483647, {type:"integer"});
+  assertValid("Number", -2147483648, {type:"integer"});
+  assertNotValid("Number",           0.5, {type:"integer"},
+                 [formatError("numberIntValue", [])]);
+  assertNotValid("Number", 10000000000,   {type:"integer"},
+                 [formatError("numberIntValue", [])]);
+  assertNotValid("Number",  2147483647.5, {type:"integer"},
+                 [formatError("numberIntValue", [])]);
+  assertNotValid("Number",  2147483648,   {type:"integer"},
+                 [formatError("numberIntValue", [])]);
+  assertNotValid("Number",  2147483649,   {type:"integer"},
+                 [formatError("numberIntValue", [])]);
+  assertNotValid("Number", -2147483649,   {type:"integer"},
+                 [formatError("numberIntValue", [])]);
+}
+
 function testType() {
   // valid
   assertValid("Type", {}, {type:"object"});
author	bolms@chromium.org <bolms@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-05-23 21:38:24 +0000
committer	bolms@chromium.org <bolms@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-05-23 21:38:24 +0000
commit	e7f90569caeddb4ccf203fdc8b453da8437c4346 (patch)
tree	adf26ac58ff59abd1eaa39afbddb464aa3390e97
parent	33bb16efa9e0c384d7b15b41fbffac3c62aebd13 (diff)
download	chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.zip chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.tar.gz chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.tar.bz2