diff options
| author | bolms@chromium.org <bolms@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-23 21:38:24 +0000 |
|---|---|---|
| committer | bolms@chromium.org <bolms@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-23 21:38:24 +0000 |
| commit | e7f90569caeddb4ccf203fdc8b453da8437c4346 (patch) | |
| tree | adf26ac58ff59abd1eaa39afbddb464aa3390e97 /chrome/renderer | |
| parent | 33bb16efa9e0c384d7b15b41fbffac3c62aebd13 (diff) | |
| download | chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.zip chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.tar.gz chromium_src-e7f90569caeddb4ccf203fdc8b453da8437c4346.tar.bz2 | |
Check for integer overflow when validating API function arguments.
BUG=65874
TEST=Added API test.
Review URL: http://codereview.chromium.org/7042021
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86343 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
| -rw-r--r-- | chrome/renderer/extensions/json_schema_unittest.cc | 6 | ||||
| -rw-r--r-- | chrome/renderer/resources/json_schema.js | 7 |
2 files changed, 11 insertions, 2 deletions
diff --git a/chrome/renderer/extensions/json_schema_unittest.cc b/chrome/renderer/extensions/json_schema_unittest.cc index d34385b..a932153 100644 --- a/chrome/renderer/extensions/json_schema_unittest.cc +++ b/chrome/renderer/extensions/json_schema_unittest.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -83,6 +83,10 @@ TEST_F(JsonSchemaTest, TestNumber) { TestFunction("testNumber"); } +TEST_F(JsonSchemaTest, TestIntegerBounds) { + TestFunction("testIntegerBounds"); +} + TEST_F(JsonSchemaTest, TestType) { TestFunction("testType"); } diff --git a/chrome/renderer/resources/json_schema.js b/chrome/renderer/resources/json_schema.js index caac22b..8f588b2 100644 --- a/chrome/renderer/resources/json_schema.js +++ b/chrome/renderer/resources/json_schema.js @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -75,6 +75,7 @@ chromeHidden.JSONSchemaValidator.messages = { numberFiniteNotNan: "Value must not be *.", numberMinValue: "Value must not be less than *.", numberMaxValue: "Value must not be greater than *.", + numberIntValue: "Value must fit in a 32-bit signed integer.", numberMaxDecimal: "Value must not have more than * decimal places.", invalidType: "Expected '*' but got '*'.", invalidChoice: "Value does not match any valid type choices.", @@ -410,6 +411,10 @@ chromeHidden.JSONSchemaValidator.prototype.validateNumber = function( if (schema.maximum && instance > schema.maximum) this.addError(path, "numberMaxValue", [schema.maximum]); + // Check for integer values outside of -2^31..2^31-1. + if (schema.type === "integer" && (instance | 0) !== instance) + this.addError(path, "numberIntValue", []); + if (schema.maxDecimal && instance * Math.pow(10, schema.maxDecimal) % 1) this.addError(path, "numberMaxDecimal", [schema.maxDecimal]); }; |