Date object needs to check for ES5 15.9.1.14 TimeClip limit.
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 7 Apr 2014 18:24:31 +0000 (18:24 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 7 Apr 2014 18:24:31 +0000 (18:24 +0000)
commit cb3eb66bb8eb530e1a129793879597a11296dbbc
tree 2404f823a45ec6b8036232a2c7d50dbb525b0f58
parent 5f3c5ea38986d7cfa9fd98d9f5df2a3250226d20
Date object needs to check for ES5 15.9.1.14 TimeClip limit.
<https://webkit.org/b/131248>

Reviewed by Mark Hahnenberg.

Source/JavaScriptCore:

The current Date object code does not adequately check for the ES5
15.9.1.14 TimeClip limit.  As a result, some calculations can underflow
/ overflow and produce unexpected results.

For example, we were getting an assertion failure in
WTF::equivalentYearForDST() due to int underflows in this function, which
in turn were due to an int overflow in WTF::msToYear().

This patch adds the needed checks, and adds some assertions to ensure
that the used values are sane.

The changes have no noticeable impact on benchmark results.

* runtime/DateConstructor.cpp:
(JSC::callDate):
* runtime/JSDateMath.cpp:
(JSC::localTimeOffset):
(JSC::gregorianDateTimeToMS):
(JSC::msToGregorianDateTime):
(JSC::parseDateFromNullTerminatedCharacters):
(JSC::parseDate):
* runtime/JSDateMath.h:
- parseDateFromNullTerminatedCharacters() does not need to be public.
  Made it a static function.
* runtime/VM.cpp:
(JSC::VM::resetDateCache):
- Changed cachedDateStringValue to use std::numeric_limits<double>::quiet_NaN()
  to be consistent with other Date code.

Source/WTF:

* wtf/DateMath.cpp:
- Moved the definition of maxECMAScriptTime to the .h file so that we
  can use it in other files as well.
(WTF::msToYear):
- Removed a stale comment for parseDateFromNullTerminatedCharacters().
* wtf/DateMath.h:

LayoutTests:

* js/regress-131248-expected.txt: Added.
* js/regress-131248.html: Added.
* js/script-tests/regress-131248.js: Added.
(testDateFromSetDateAdjustement):
(testDateFromSetTimeWithMilliseconds):
(testDateFromString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
LayoutTests/ChangeLog
LayoutTests/js/regress-131248-expected.txt [new file with mode: 0644]
LayoutTests/js/regress-131248.html [new file with mode: 0644]
LayoutTests/js/script-tests/regress-131248.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/DateConstructor.cpp
Source/JavaScriptCore/runtime/JSDateMath.cpp
Source/JavaScriptCore/runtime/JSDateMath.h
Source/JavaScriptCore/runtime/VM.cpp
Source/WTF/ChangeLog
Source/WTF/wtf/DateMath.cpp
Source/WTF/wtf/DateMath.h
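
A conformance check for the limit this commit enforces, as an added example that is not part of the commit or of WebKit's regress-131248 test. The `timeClip` reference model, the probe labels and the ISO strings are constructed for this illustration; the probes mirror the three paths the commit's test names mention (set-date adjustment, set-time with milliseconds, string parsing).

```javascript
// Added example, not WebKit code: an ES5 15.9.1.14 TimeClip reference model
// checked against the engine's Date at both ends of the valid range.
const MAX_TIME = 8.64e15;  // ms either side of the epoch (ES5 15.9.1.1)
const MS_PER_DAY = 86400000;

function timeClip(t) {
  if (!Number.isFinite(t) || Math.abs(t) > MAX_TIME) return NaN;
  return Math.trunc(t) + 0;  // ToInteger, with -0 normalised to +0
}

// Constructed ISO strings: the last valid instant and 1 ms beyond it, per end.
const ISO = {
  max: { edge: "+275760-09-13T00:00:00.000Z", past: "+275760-09-13T00:00:00.001Z" },
  min: { edge: "-271821-04-20T00:00:00.000Z", past: "-271821-04-19T23:59:59.999Z" },
};

// Returns [label, observed, expected] for each way a script can reach the limit.
function boundaryProbes() {
  const rows = [];
  for (const [tag, sign] of [["max", 1], ["min", -1]]) {
    const edge = sign * MAX_TIME;
    const fresh = () => new Date(edge);
    rows.push(
      [`${tag} construct at limit`, fresh().getTime(), timeClip(edge)],
      [`${tag} construct past limit`, new Date(edge + sign).getTime(), timeClip(edge + sign)],
      [`${tag} setTime past limit`, fresh().setTime(edge + sign), timeClip(edge + sign)],
      [`${tag} setUTCMilliseconds`, fresh().setUTCMilliseconds(sign), timeClip(edge + sign)],
      [`${tag} setUTCDate adjustment`, fresh().setUTCDate(fresh().getUTCDate() + sign),
        timeClip(edge + sign * MS_PER_DAY)],
      [`${tag} parse at limit`, Date.parse(ISO[tag].edge), timeClip(edge)],
      [`${tag} parse past limit`, Date.parse(ISO[tag].past), timeClip(edge + sign)],
      [`${tag} year at limit`, fresh().getUTCFullYear(), sign > 0 ? 275760 : -271821],
    );
  }
  return rows;
}

// Object.is treats NaN as equal to NaN, which is what "both invalid" means here.
function failingProbes() {
  return boundaryProbes()
    .filter(([, seen, want]) => !Object.is(seen, want))
    .map(([label]) => label);
}

console.log(failingProbes().length === 0 ? "Date honours TimeClip at both limits" : failingProbes());
```

A non-empty result from `failingProbes()` names the entry point where a time value escaped the range check, which is the condition that let out-of-range values reach the year arithmetic described in the commit message.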