Vulnerability Development mailing list archives

Re: MSIE integer overflows


From: xenophi1e <oliver.lavery () sympatico ca>
Date: 16 May 2003 16:47:29 -0000

In-Reply-To: <031901c31b3a$f633d130$0100a8c0 () clippership com>


That makes more sense. From the JS 2.0 spec at mozilla.org 
(http://www.mozilla.org/js/language/js20-1999-03-25/types.html):

integer:
Double-precision IEEE floating-point numbers that are mathematical 
integers, including positive and negative zeroes but excluding infinities 
and NaN 

number:
Double-precision IEEE floating-point numbers, including positive and 
negative zeroes and infinities and NaN 

So what you're seeing is loss of precision in the mantissa, I guess? Funny 
that they would choose to call floating point without NaN and +-Inf 
an "integer".

The intervals look funny. Are they consistent with this description?

Cheers,
~x


I'm not a Javascript expert, but I think the issue isn't one of
overflow, it's that the engine doesn't really store those ints with 64

<snip>
Produces the following:
--------------------------------------------------
Starting with 2^56 (72057594037927940)
72057594037927940 != 72057594037927950
72057594037927950 != 72057594037927970
72057594037927970 != 72057594037927980
72057594037927980 != 72057594037928000
72057594037928000 != 72057594037928010
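Added example (not code from either poster): what a JS "integer" looks like once it passes the 53-bit mantissa of an IEEE double. It computes the spacing of adjacent representable values, walks the neighbours of 2^56 (spaced exactly 16 apart, which is consistent with the quoted intervals once printing rounds them to 16 significant digits), and shows the check a program should apply before trusting such a value as an exact integer.

```javascript
// Spacing between adjacent doubles at magnitude x (x positive and finite).
// Find the power of two p with p <= x < 2p, then scale 2^-52 (Number.EPSILON).
function ulp(x) {
  let p = 1;
  while (p * 2 <= x) p *= 2;
  return p * Number.EPSILON;
}

// Step upward from `start` one representable value at a time, `steps` times.
// Returns the exact doubles; these are the values a loop like the quoted one walks.
function neighbours(start, steps) {
  const out = [start];
  let x = start;
  for (let i = 0; i < steps; i++) {
    x = x + ulp(x);            // exact: the sum is itself representable
    out.push(x);
  }
  return out;
}

// Above 2^53 adding 1 is rounded away entirely: x + 1 === x.
function plusOneIsLost(x) {
  return x + 1 === x;
}

// Defensive check: only values in [-(2^53 - 1), 2^53 - 1] are exact integers,
// so a length, count or offset outside that range cannot be trusted as-is.
function exactInteger(x) {
  return Number.isSafeInteger(x);
}

const start = Math.pow(2, 56);                  // 72057594037927936
console.log("ulp at 2^56:", ulp(start));        // 16
console.log(neighbours(start, 5));              // ...936, ...952, ...968, ...984, ...8000, ...8016
console.log("2^56 + 1 === 2^56:", plusOneIsLost(start));   // true
console.log("safe integer:", exactInteger(start));          // false
```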


