From e7f90569caeddb4ccf203fdc8b453da8437c4346 Mon Sep 17 00:00:00 2001
From: "bolms@chromium.org"
 <bolms@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Mon, 23 May 2011 21:38:24 +0000
Subject: Check for integer overflow when validating API function arguments.

BUG=65874
TEST=Added API test.

Review URL: http://codereview.chromium.org/7042021

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86343 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/renderer/extensions/json_schema_unittest.cc | 6 +++++-
 chrome/renderer/resources/json_schema.js           | 7 ++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'chrome/renderer')

diff --git a/chrome/renderer/extensions/json_schema_unittest.cc b/chrome/renderer/extensions/json_schema_unittest.cc
index d34385b..a932153 100644
--- a/chrome/renderer/extensions/json_schema_unittest.cc
+++ b/chrome/renderer/extensions/json_schema_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -83,6 +83,10 @@ TEST_F(JsonSchemaTest, TestNumber) {
   TestFunction("testNumber");
 }
 
+TEST_F(JsonSchemaTest, TestIntegerBounds) {
+  TestFunction("testIntegerBounds");
+}
+
 TEST_F(JsonSchemaTest, TestType) {
   TestFunction("testType");
 }
diff --git a/chrome/renderer/resources/json_schema.js b/chrome/renderer/resources/json_schema.js
index caac22b..8f588b2 100644
--- a/chrome/renderer/resources/json_schema.js
+++ b/chrome/renderer/resources/json_schema.js
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -75,6 +75,7 @@ chromeHidden.JSONSchemaValidator.messages = {
   numberFiniteNotNan: "Value must not be *.",
   numberMinValue: "Value must not be less than *.",
   numberMaxValue: "Value must not be greater than *.",
+  numberIntValue: "Value must fit in a 32-bit signed integer.",
   numberMaxDecimal: "Value must not have more than * decimal places.",
   invalidType: "Expected '*' but got '*'.",
   invalidChoice: "Value does not match any valid type choices.",
@@ -410,6 +411,10 @@ chromeHidden.JSONSchemaValidator.prototype.validateNumber = function(
   if (schema.maximum && instance > schema.maximum)
     this.addError(path, "numberMaxValue", [schema.maximum]);
 
+  // Check for integer values outside of -2^31..2^31-1.
+  if (schema.type === "integer" && (instance | 0) !== instance)
+    this.addError(path, "numberIntValue", []);
+
   if (schema.maxDecimal && instance * Math.pow(10, schema.maxDecimal) % 1)
     this.addError(path, "numberMaxDecimal", [schema.maxDecimal]);
 };
-- 
cgit v1.1