IndexedDB: Enforce unsigned long/unsigned long long ranges
author: jsbell@chromium.org <jsbell@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Oct 2012 22:48:44 +0000 (22:48 +0000)
committer: jsbell@chromium.org <jsbell@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Oct 2012 22:48:44 +0000 (22:48 +0000)
commit: 364fbc27d450fb4cadae36639742f3c49d23b482
tree: 28a7eb056d53ebc3e965d332e51e8f4c92c2764e
parent: 785d727bb7ea290ffed5bc1ff3f3091cf0a54981
IndexedDB: Enforce unsigned long/unsigned long long ranges
https://bugs.webkit.org/show_bug.cgi?id=99637

Reviewed by Tony Chang.

Source/WebCore:

The IndexedDB spec has [EnforceRange] specified on unsigned long and unsigned long long
arguments, which requires the implementation to throw TypeError for negative values or
values that exceed 2^53-1 (maximum JS number that behaves like an integer) - and 0 is
specifically forbidden by the APIs as well.

A more correct fix in the binding layer is in webkit.org/b/96798 but we can temporarily
address this in the implementation.

Also refactor to prevent IDBFactory.open(name, -1) from triggering an internal code path.

Tests: storage/indexeddb/cursor-advance.html
       storage/indexeddb/intversion-bad-parameters.html
       storage/indexeddb/intversion-encoding.html

* Modules/indexeddb/IDBCursor.cpp:
(WebCore::IDBCursor::advance): Validate argument range.
* Modules/indexeddb/IDBCursor.h:
(IDBCursor):
* Modules/indexeddb/IDBCursor.idl: Drop "unsigned" qualifier as the binding code is
not yet doing the correct validation.
* Modules/indexeddb/IDBFactory.cpp: Refactor to prevent open(name, -1)
(WebCore):
(WebCore::IDBFactory::open): Validate the int version here, then pass to...
(WebCore::IDBFactory::openInternal): ... this method.
* Modules/indexeddb/IDBFactory.h:
(IDBFactory):
* Modules/indexeddb/IDBFactory.idl: Drop "unsigned" qualifier; meaningless to binding
code right now, can be re-added once webkit.org/b/96798 lands.

LayoutTests:

Additional edge case tests and updated expectations.

* storage/indexeddb/cursor-advance-expected.txt:
* storage/indexeddb/intversion-bad-parameters-expected.txt:
* storage/indexeddb/intversion-encoding-expected.txt:
* storage/indexeddb/resources/cursor-advance.js:
(testBadAdvance.advanceBadly):
(testBadAdvance):
* storage/indexeddb/resources/intversion-bad-parameters.js:
(deleteSuccess):
* storage/indexeddb/resources/intversion-encoding.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@131658 268f45cc-cd09-0410-ab3c-d52691b4dbfc
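The validation the commit message describes, written out as an added example in JavaScript (this is not WebKit's code and not the layout tests from the patch): the WebIDL [EnforceRange] conversion to unsigned long long (reject NaN and infinities, truncate toward zero, reject anything below 0 or above 2^53-1), followed by the extra "0 is forbidden" rule that IDBFactory.open's version and IDBCursor.advance's count apply on top of it. The helper names (enforceRangeUnsignedLongLong, validateNonZeroArgument, checkOpenArguments, classify) and the sample inputs are assumptions made for this example.

```javascript
// Added example, not WebKit code: [EnforceRange] unsigned long long conversion
// as the IndexedDB APIs in the commit message use it.

// Largest JS number that still behaves like an integer (2^53 - 1).
const MAX_SAFE = Math.pow(2, 53) - 1;

// WebIDL ToNumber followed by the [EnforceRange] steps for unsigned long long.
// Returns the converted integer or throws TypeError.
function enforceRangeUnsignedLongLong(value) {
  const x = Number(value);                       // ToNumber step
  if (Number.isNaN(x) || !Number.isFinite(x)) {  // NaN, +Infinity, -Infinity
    throw new TypeError('value is not a finite number');
  }
  const truncated = Math.trunc(x);               // IntegerPart: toward zero
  if (truncated < 0 || truncated > MAX_SAFE) {   // lower bound 0, upper 2^53-1
    throw new TypeError('value out of range for unsigned long long');
  }
  return truncated === 0 ? 0 : truncated;        // normalise -0 to 0
}

// IndexedDB additionally forbids 0 for a database version and for an
// advance() count, so the implementation checks that after the range check.
function validateNonZeroArgument(value, what) {
  const n = enforceRangeUnsignedLongLong(value);
  if (n === 0) {
    throw new TypeError(what + ' must not be zero');
  }
  return n;
}

// Hypothetical stand-in for IDBFactory.open(name, version): the version is
// optional; when present it must pass the validation above before any
// internal open path is reached (the refactor the commit describes).
function checkOpenArguments(name, version) {
  if (version === undefined) {
    return { name: String(name), version: undefined };
  }
  return { name: String(name), version: validateNonZeroArgument(version, 'version') };
}

// Runs fn(value) and reports either the converted value or the error class,
// so a table of edge cases can be inspected without try/catch at each call.
function classify(fn, value) {
  try {
    return { result: 'ok', value: fn(value) };
  } catch (e) {
    return { result: e.constructor.name };
  }
}

// Constructed sample inputs covering the cases the commit message names.
const SAMPLE_VERSIONS = [1, '3', 7.9, MAX_SAFE, 0, -1, -0.5, Math.pow(2, 53), Infinity, NaN, 'abc'];

function versionReport() {
  return SAMPLE_VERSIONS.map(v => ({ input: v, ...classify(x => validateNonZeroArgument(x, 'version'), v) }));
}

// Prints a line per sample when run stand-alone.
for (const row of versionReport()) {
  console.log(String(row.input).padStart(18), '->', row.result, row.value === undefined ? '' : row.value);
}
```

The truncation step is why `7.9` is accepted as `7` while `-1` is rejected, and why `-0.5` survives the range check as `-0` only to be rejected by the separate zero check; a string such as `'3'` converts through ToNumber to `3`, but `'abc'` becomes NaN and throws.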
16 files changed:
LayoutTests/ChangeLog
LayoutTests/storage/indexeddb/cursor-advance-expected.txt
LayoutTests/storage/indexeddb/intversion-bad-parameters-expected.txt
LayoutTests/storage/indexeddb/intversion-encoding-expected.txt
LayoutTests/storage/indexeddb/open-bad-versions-expected.txt [new file with mode: 0644]
LayoutTests/storage/indexeddb/open-bad-versions.html [new file with mode: 0644]
LayoutTests/storage/indexeddb/resources/cursor-advance.js
LayoutTests/storage/indexeddb/resources/intversion-bad-parameters.js
LayoutTests/storage/indexeddb/resources/intversion-encoding.js
Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/IDBCursor.cpp
Source/WebCore/Modules/indexeddb/IDBCursor.h
Source/WebCore/Modules/indexeddb/IDBCursor.idl
Source/WebCore/Modules/indexeddb/IDBFactory.cpp
Source/WebCore/Modules/indexeddb/IDBFactory.h
Source/WebCore/Modules/indexeddb/IDBFactory.idl