-
jsbell@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=99637 Reviewed by Tony Chang. Source/WebCore: The IndexedDB spec has [EnforceRange] specified on unsigned long and unsigned long long arguments, which requires the implementation to throw TypeError for negative values or values that exceed 2^53-1 (maximum JS number that behaves like an integer) - and 0 is specifically forbidden by the APIs as well. A more correct fix in the binding layer is in webkit.org/b/96798 but we can temporarily address this in the implementation. Also refactor to prevent IDBFactory.open(name, -1) from triggering an internal code path. Tests: storage/indexeddb/cursor-advance.html storage/indexeddb/intversion-bad-parameters.html storage/indexeddb/intversion-encoding.html * Modules/indexeddb/IDBCursor.cpp: (WebCore::IDBCursor::advance): Validate argument range. * Modules/indexeddb/IDBCursor.h: (IDBCursor): * Modules/indexeddb/IDBCursor.idl: Drop "unsigned" qualifier as the binding code is not yet doing the correct validation. * Modules/indexeddb/IDBFactory.cpp: Refactor to prevent open(name, -1) (WebCore): (WebCore::IDBFactory::open): Validate the int version here, then pass to... (WebCore::IDBFactory::openInternal): ... this method. * Modules/indexeddb/IDBFactory.h: (IDBFactory): * Modules/indexeddb/IDBFactory.idl: Drop "unsigned" qualifier; meaningless to binding code right now, can be re-added once webkit.org/b/96798 lands. LayoutTests: Additional edge case tests and updated expectations. * storage/indexeddb/cursor-advance-expected.txt: * storage/indexeddb/intversion-bad-parameters-expected.txt: * storage/indexeddb/intversion-encoding-expected.txt: * storage/indexeddb/resources/cursor-advance.js: (testBadAdvance.advanceBadly): (testBadAdvance): * storage/indexeddb/resources/intversion-bad-parameters.js: (deleteSuccess): * storage/indexeddb/resources/intversion-encoding.js: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131658 268f45cc-cd09-0410-ab3c-d52691b4dbfc
9a777932