beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 07:30:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

LibWeb: Don't crash when parsing large floating point number values

Browse source 
Previously, attempting to parse a floating point number with an integer
part larger than `(2 ^ 31) - 1` would cause the browser to crash. We now
avoid this by converting the integer part of the number to a `double`
rather than an `i32`.
This commit is contained in:
Tim Ledbetter 2024-10-30 19:56:43 +00:00 committed by Andreas Kling
parent cf7a1f6a52
commit 21a32e4b6d
Notes: github-actions[bot] 2024-10-31 07:06:15 +00:00 
Author: https://github.com/tcl3
Commit: https://github.com/LadybirdBrowser/ladybird/commit/21a32e4b6dc
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2066
3 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Tests/LibWeb/Text/expected/HTML/HTMLProgressElement-large-max-value.txt Normal file
View file

@ -0,0 +1 @@
progressElement.max: 1e+21

9
Tests/LibWeb/Text/input/HTML/HTMLProgressElement-large-max-value.html Normal file
View file

@ -0,0 +1,9 @@
<!DOCTYPE html>
<progress max="1000000000000000000000"></progress>
<script src="../include.js"></script>
<script>
test(() => {
const progressElement = document.querySelector("progress");
println(`progressElement.max: ${progressElement.max}`);
});
</script>

2
Userland/Libraries/LibWeb/HTML/Numbers.cpp
View file

@ -150,7 +150,7 @@ Optional<double> parse_floating_point_number(StringView string)
lexer.consume_while(is_ascii_digit);
size_t end_index = lexer.tell();
auto digits = lexer.input().substring_view(start_index, end_index - start_index);
auto optional_value = AK::StringUtils::convert_to_int<i32>(digits);
auto optional_value = AK::StringUtils::convert_to_floating_point<double>(digits, TrimWhitespace::No);
value *= optional_value.value();
}