Vulnerability Development mailing list archives
Re: MSIE integer overflows
From: xenophi1e <oliver.lavery () sympatico ca>
Date: 16 May 2003 16:47:29 -0000
In-Reply-To: <031901c31b3a$f633d130$0100a8c0 () clippership com> That makes more sense. From the JS 2.0 spec at mozilla.org (http://www.mozilla.org/js/language/js20-1999-03-25/types.html): integer: Double-precision IEEE floating-point numbers that are mathematical integers, including positive and negative zeroes but excluding infinities and NaN number: Double-precision IEEE floating-point numbers, including positive and negative zeroes and infinities and NaN So what your seeing is loss of precision in the mantissa, I guess? Funny that they would choose to call floating point without NaN and +-Inf an "integer". The intervals look funny. Are they consistent with this description? Cheers, ~x
I'm not a Javascript expert, but I think the issue isn't one of overflow, it's that the engine doesn't really store those ints with 64
<snip>
Produces the following: -------------------------------------------------- Starting with 2^56 (72057594037927940) 72057594037927940 != 72057594037927950 72057594037927950 != 72057594037927970 72057594037927970 != 72057594037927980 72057594037927980 != 72057594037928000 72057594037928000 != 72057594037928010
Current thread:
- MSIE integer overflows Berend-Jan Wever (May 12)
- <Possible follow-ups>
- Re: MSIE integer overflows xenophi1e (May 13)
- Re: MSIE integer overflows Berend-Jan Wever (May 14)
- Re: MSIE integer overflows Luciano Miguel Ferreira Rocha (May 15)
- Re: MSIE integer overflows Berend-Jan Wever (May 14)
- Re: MSIE integer overflows xenophi1e (May 14)
- Re: MSIE integer overflows Berend-Jan Wever (May 15)
- RE: MSIE integer overflows Cameron Brown (May 16)
- Re: MSIE integer overflows Berend-Jan Wever (May 15)
- Re: MSIE integer overflows xenophi1e (May 16)