shithub: libmujs


ref: a7aae8f84b13e63661a445b50e89703e315e79d1
parent: e8dad5a39e2622074659ef68f02ecf2f9f2451bd
author: Tor Andersson <[email protected]>
date: Wed Jul 5 09:23:44 EDT 2017

Clamp to INT_MIN/INT_MAX explicitly in jsV_numbertointeger.

Don't rely on undefined behaviour casting Infinity or out of range
doubles to integer.

--- a/jsvalue.c
+++ b/jsvalue.c
@@ -9,10 +9,12 @@
 
 int jsV_numbertointeger(double n)
 {
-	double sign = n < 0 ? -1 : 1;
+	if (n == 0) return 0;
 	if (isnan(n)) return 0;
-	if (n == 0 || isinf(n)) return n;
-	return sign * floor(fabs(n));
+	n = (n < 0) ? -floor(-n) : floor(n);
+	if (n < INT_MIN) return INT_MIN;
+	if (n > INT_MAX) return INT_MAX;
+	return (int)n;
 }
 
 int jsV_numbertoint32(double n)
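Review bot: The clamp at `if (n < INT_MIN) return INT_MIN;` and `if (n > INT_MAX) return INT_MAX;` makes jsV_numbertointeger saturate, and nothing in the hunk documents that contract for callers. Out-of-range inputs such as Infinity now come back as INT_MAX or INT_MIN, so a caller that adds an offset or length to the result could still overflow a signed int; the callers are outside this hunk, so this needs checking rather than assuming. I would add above the function `/* Truncates toward zero and saturates to [INT_MIN, INT_MAX]; NaN yields 0. Callers must range-check before doing arithmetic on the result. */`. The leading `if (n == 0) return 0;` also looks redundant now, since the floor path already yields 0 for both zeros, and `INT_MIN`/`INT_MAX` need `<limits.h>` in scope, which the hunk does not show.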