gecko/layout/style/crashtests/1028514-1.html
Brian Birtles 8c5dba9bf8 Bug 1028514 - Check for integer overflow when converting from floating-point number milliseconds; r=froydnj
In TimeStamp_windows.cpp and TimeStamp_darwin.cpp, in
TimeStamp::FromMilliseconds we cast the floating-point number of ticks to
a 64-bit integer before passing to TimeStamp::FromTicks(int64_t).
This means that we skip the check for integer overflow performed by
TimeStamp::FromTicks(double).

This patch simply removes that cast so that we perform overflow checking.

It also adds an assertion to ElementAnimation since this is one place where
the lack of overflow checking was producing a negative value where it should
not.
2014-06-25 09:42:18 +09:00
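
The overload pitfall the commit message describes, as an added C++ sketch that is not Gecko's code. `Duration`, `kTicksPerMs` (assumed 1 tick = 1 ns) and the function names are hypothetical stand-ins, and saturating (with NaN mapped to zero) is this example's choice of overflow handling.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical tick-based duration type (a stand-in, not Gecko's class).
struct Duration {
  int64_t ticks;

  // Unchecked overload: trusts that the caller already has a valid tick count.
  static Duration FromTicks(int64_t t) { return Duration{t}; }

  // Checked overload: the only place where out-of-range doubles are caught.
  static Duration FromTicks(double t) {
    // 2^63 is exactly representable as a double; INT64_MAX is not.
    const double kLimit = 9223372036854775808.0;
    if (std::isnan(t)) return Duration{0};
    if (t >= kLimit) return Duration{std::numeric_limits<int64_t>::max()};
    if (t <= -kLimit) return Duration{std::numeric_limits<int64_t>::min()};
    return Duration{static_cast<int64_t>(t)};
  }
};

constexpr double kTicksPerMs = 1e6;  // assumption: nanosecond ticks

// "Before" shape: the cast selects FromTicks(int64_t), so the range check in
// FromTicks(double) never runs. Casting an out-of-range double to int64_t is
// undefined behaviour; on x86-64 it commonly yields INT64_MIN (negative).
Duration FromMillisecondsUnchecked(double ms) {
  return Duration::FromTicks(static_cast<int64_t>(ms * kTicksPerMs));
}

// "After" shape: pass the double through so the checked overload is chosen.
Duration FromMillisecondsChecked(double ms) {
  return Duration::FromTicks(ms * kTicksPerMs);
}

int main() {
  // Duration from the crashtest, converted to milliseconds: 1.37e20 ticks
  // under the assumed resolution, well past INT64_MAX (about 9.22e18).
  const double ms = 137438953471.0 * 1000.0;
  std::printf("checked: %lld ticks\n",
              static_cast<long long>(FromMillisecondsChecked(ms).ticks));
  return 0;
}
```

The unchecked variant is only safe to call with in-range values, which is why `main` does not run it on the crashtest duration.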

19 lines
329 B
HTML

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
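<script>
// Crashtest for bug 1028514: the page must load without crashing or asserting.
function boom()
{
  // Animation duration of 2^37 - 1 seconds.
  document.documentElement.style.animation = "137438953471s bounce";
  // Reading offsetHeight forces a layout flush, so the style change above is
  // processed before the next one is made.
  document.documentElement.offsetHeight;
  document.documentElement.style.animationIterationCount = "infinite";
}
</script>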
</head>
<body onload="boom();"></body>
</html>