23140 – Further Boundary Checking is Necessary on Slice Calls

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23140 - Further Boundary Checking is Necessary on Slice Calls

Summary: Further Boundary Checking is Necessary on Slice Calls

Status:	RESOLVED FIXED

Alias:	None

Product:	WebAppsWG
Classification:	Unclassified
Component:	File API (show other bugs)
Version:	unspecified
Hardware:	PC All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Arun
QA Contact:	public-webapps-bugzilla

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-09-03 15:09 UTC by Arun
Modified:	2013-09-05 17:57 UTC (History)
CC List:	1 user (show)

See Also:

Attachments

Description Arun 2013-09-03 15:09:29 UTC

https://bugzilla.mozilla.org/show_bug.cgi?id=906413 showcases a slice call on a Blob of size 4 of the sort:

slice(0, Number.MAX_SIZE) 

on which on Fx returns a Blob of size 0, but only because of the 'long long' threshold being reached.

This bug is to introduce further boundary checks on slice calls, disallowing a slice bigger than the original blob for example.

Comment 1 Arun 2013-09-03 15:35:21 UTC

Additionally, the spec should use [Clamp] on long long arguments to slice.

Comment 2 Arun 2013-09-03 16:35:23 UTC

Clarification: the spec already disallows end > size and the equivalent for start.  This bug is to add [Clamp] to the IDL to ensure that a call of the sort

slice(0, Number.MAX_SIZE) 

ends up being equivalent to

slice(0, thisBlob.size)

Comment 3 Arun 2013-09-05 17:57:12 UTC

http://dev.w3.org/2006/webapi/FileAPI/#blob uses [Clamp] in slice method IDL definition.