Re: MSIE integer overflows

From: xenophi1e <oliver.lavery(at)sympatico.ca>
Date: Tue May 13 2003 - 12:31:25 EDT

('binary' encoding is not supported, stored as-is)
In-Reply-To: <000501c31800$c924bac0$0100a8c0@grotedoos>

>I've been testing MSIE for integer overflows in the DOM and jscript. I've

That's a strange result, but are you sure it's actually meaningful? I don't know Javascript to this level of detial, but I belive in C, at least, the results of those expressions are undefined, since the compiler would have no good reason to evaluate either of the prefix increments first.

>
>But array functions run into problems around 32 bits:

Well the javascript interpreter seems like a not-so-good place to look. Really all these results say is that Javascript integers can overflow, which is vacuously true. As long as the interpreter handles these overflows sanely, they're completely benign (although the Javascript containging them could very well be buggy). If you can find an overflow in the interpreter itself, as opposed to the language it's interpreting, then you would have something interesting.

The 'undefined' result you got when pop()ing 'c' is a little strange, though. Why did you get an undefined result after the array index had already wrapped? If -2147483648 is a valid index, why isn't -2147483647?

Cheers,
~ol Received on Tue May 13 14:22:01 2003