Bug 1074651 - Detect integer overflow in BaseTimeDuration::TicksFromMilliseconds; r=bz
authorBrian Birtles <birtles@gmail.com>
Thu, 02 Oct 2014 15:14:12 +0900
changeset 231559 79ea9a38b446e5e46b66fec7365d2ed5e50891a8
parent 231558 33a3fd4d1970f53788f967052d81e07c1d43136f
child 231560 41476731392e5071854bd36eb52faa7a40e8fde7
push id4187
push userbhearsum@mozilla.com
push dateFri, 28 Nov 2014 15:29:12 +0000
treeherdermozilla-beta@f23cc6a30c11 [default view] [failures only]
reviewersbz
bugs1074651
milestone35.0a1
Bug 1074651 - Detect integer overflow in BaseTimeDuration::TicksFromMilliseconds; r=bz
layout/style/crashtests/1074651-1.html
layout/style/crashtests/crashtests.list
xpcom/ds/TimeStamp_darwin.cpp
xpcom/ds/TimeStamp_posix.cpp
xpcom/ds/TimeStamp_windows.cpp
new file mode 100644
--- /dev/null
+++ b/layout/style/crashtests/1074651-1.html
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<html style="transition-duration: 500000000000000000ms">
+<body onload="document.documentElement.style.strokeWidth = '17px';"></body>
+</html>
--- a/layout/style/crashtests/crashtests.list
+++ b/layout/style/crashtests/crashtests.list
@@ -103,10 +103,11 @@ load 930270-1.html
 load 930270-2.html
 load 945048-1.html
 pref(layers.offmainthreadcomposition.async-animations,true) load 972199-1.html
 load 989965-1.html
 load 992333-1.html
 pref(dom.webcomponents.enabled,true) load 1017798-1.html
 load 1028514-1.html
 load 1066089-1.html
+load 1074651-1.html
 load large_border_image_width.html
 load border-image-visited-link.html
--- a/xpcom/ds/TimeStamp_darwin.cpp
+++ b/xpcom/ds/TimeStamp_darwin.cpp
@@ -98,17 +98,24 @@ BaseTimeDurationPlatformUtils::ToSeconds
   valueSigDigs = sResolutionSigDigs * (valueSigDigs / sResolutionSigDigs);
   return (valueSigDigs * sNsPerTick) / kNsPerSecd;
 }
 
 int64_t
 BaseTimeDurationPlatformUtils::TicksFromMilliseconds(double aMilliseconds)
 {
   NS_ABORT_IF_FALSE(gInitialized, "calling TimeDuration too early");
-  return (aMilliseconds * kNsPerMsd) / sNsPerTick;
+  double result = (aMilliseconds * kNsPerMsd) / sNsPerTick;
+  if (result > INT64_MAX) {
+    return INT64_MAX;
+  } else if (result < INT64_MIN) {
+    return INT64_MIN;
+  }
+
+  return result;
 }
 
 int64_t
 BaseTimeDurationPlatformUtils::ResolutionInTicks()
 {
   NS_ABORT_IF_FALSE(gInitialized, "calling TimeDuration too early");
   return static_cast<int64_t>(sResolution);
 }
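Review bot: The upper-bound test `result > INT64_MAX` in TicksFromMilliseconds still lets an out-of-range value through: INT64_MAX is converted to double for the comparison and rounds up to 2^63, so a result of exactly 2^63 fails the test and reaches `return result;`, where the double-to-int64_t conversion is undefined. A NaN result fails both comparisons and reaches the same conversion, and the crashtest in this commit shows the input can come from a style value in page content. I would write the guard as `if (result >= static_cast<double>(INT64_MAX)) return INT64_MAX;`, put an explicit NaN branch ahead of it (what to return there is a caller-contract decision), and end with `return static_cast<int64_t>(result);` so the narrowing is visible. The lower bound is fine as written, since INT64_MIN is exactly representable as a double. The same lines appear in the TimeStamp_posix.cpp and TimeStamp_windows.cpp hunks and need the same change.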
--- a/xpcom/ds/TimeStamp_posix.cpp
+++ b/xpcom/ds/TimeStamp_posix.cpp
@@ -147,17 +147,24 @@ BaseTimeDurationPlatformUtils::ToSeconds
   // and chop off insignificant digits
   valueSigDigs = sResolutionSigDigs * (valueSigDigs / sResolutionSigDigs);
   return double(valueSigDigs) / kNsPerSecd;
 }
 
 int64_t
 BaseTimeDurationPlatformUtils::TicksFromMilliseconds(double aMilliseconds)
 {
-  return aMilliseconds * kNsPerMsd;
+  double result = aMilliseconds * kNsPerMsd;
+  if (result > INT64_MAX) {
+    return INT64_MAX;
+  } else if (result < INT64_MIN) {
+    return INT64_MIN;
+  }
+
+  return result;
 }
 
 int64_t
 BaseTimeDurationPlatformUtils::ResolutionInTicks()
 {
   return static_cast<int64_t>(sResolution);
 }
 
--- a/xpcom/ds/TimeStamp_windows.cpp
+++ b/xpcom/ds/TimeStamp_windows.cpp
@@ -429,17 +429,24 @@ BaseTimeDurationPlatformUtils::ToSeconds
   // and chop off insignificant digits
   valueSigDigs = resolutionSigDigs * (valueSigDigs / resolutionSigDigs);
   return double(valueSigDigs) / kNsPerSecd;
 }
 
 int64_t
 BaseTimeDurationPlatformUtils::TicksFromMilliseconds(double aMilliseconds)
 {
-  return ms2mt(aMilliseconds);
+  double result = ms2mt(aMilliseconds);
+  if (result > INT64_MAX) {
+    return INT64_MAX;
+  } else if (result < INT64_MIN) {
+    return INT64_MIN;
+  }
+
+  return result;
 }
 
 int64_t
 BaseTimeDurationPlatformUtils::ResolutionInTicks()
 {
   return static_cast<int64_t>(sResolution);
 }
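Review bot: The clamp in the Windows TicksFromMilliseconds only helps if `ms2mt` does its arithmetic in floating point, and its definition is outside this hunk. If `ms2mt` takes or returns an integer type, the out-of-range conversion or wrap-around has already happened by the time `double result` is assigned, and the two range checks then see a value that is already in range. This is worth confirming against the helper; if it does narrow, do the scaling on `aMilliseconds` as a double in this function before clamping. A comment such as `// ms2mt must not narrow to an integer before the range check` would record the requirement for later edits.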