Fix underflow in JSON.stringify()

Roland Takacs · egavrin · commit 8aeb2a055ec5 · 2015-07-15T16:09:51.000+03:00
JerryScript-DCO-1.0-Signed-off-by: Roland Takacs rtakacs.u-szeged@partner.samsung.com
diff --git a/jerry-core/ecma/builtin-objects/ecma-builtin-json.cpp b/jerry-core/ecma/builtin-objects/ecma-builtin-json.cpp
@@ -1002,8 +1002,8 @@ ecma_builtin_json_stringify (ecma_value_t this_arg __attr_unused___, /**< 'this'
                                  ret_value);
 
     /* 6.a */
-    uint32_t num_of_spaces = ecma_number_to_uint32 (array_length_num);
-    uint32_t space = (num_of_spaces > 10) ? 10 : num_of_spaces;
+    int32_t num_of_spaces = ecma_number_to_int32 (array_length_num);
+    int32_t space = (num_of_spaces > 10) ? 10 : num_of_spaces;
 
     /* 6.b */
     if (space < 1)
@@ -1014,12 +1014,12 @@ ecma_builtin_json_stringify (ecma_value_t this_arg __attr_unused___, /**< 'this'
     {
       MEM_DEFINE_LOCAL_ARRAY (space_buff, space, char);
 
-      for (uint32_t i = 0; i < space; i++)
+      for (int32_t i = 0; i < space; i++)
       {
         space_buff[i] = ' ';
       }
 
-      context_p.gap_str_p = ecma_new_ecma_string_from_utf8 ((lit_utf8_byte_t *) space_buff, space);
+      context_p.gap_str_p = ecma_new_ecma_string_from_utf8 ((lit_utf8_byte_t *) space_buff, (lit_utf8_size_t) space);
 
       MEM_FINALIZE_LOCAL_ARRAY (space_buff);
     }
diff --git a/tests/jerry/json-stringify.js b/tests/jerry/json-stringify.js
@@ -163,12 +163,14 @@ assert (JSON.stringify (object, null, "   ") == '{\n   "a": 2\n}');
 assert (JSON.stringify (object, null, "asd") == '{\nasd"a": 2\n}');
 assert (JSON.stringify (object, null, "asd0123456789") == '{\nasd0123456"a": 2\n}');
 assert (JSON.stringify (object, null, 100) == '{\n          "a": 2\n}');
+assert (JSON.stringify (object, null, -5) == '{"a":2}');
 
 array = [2];
 assert (JSON.stringify (array, null, "   ") == '[\n   2\n]');
 assert (JSON.stringify (array, null, "asd") == '[\nasd2\n]');
 assert (JSON.stringify (array, null, "asd0123456789") == '[\nasd01234562\n]');
 assert (JSON.stringify (array, null, 100) == '[\n          2\n]');
+assert (JSON.stringify (array, null, -5) == '[2]');
 
 nested_object = {"a": 2, "b": {"c": 1, "d": true}};
 assert (JSON.stringify (nested_object, null, 2) == '{\n  "b": {\n    "d": true,\n    "c": 1\n  },\n  "a": 2\n}');

Original file line number	Diff line number	Diff line change
`@@ -1002,8 +1002,8 @@ ecma_builtin_json_stringify (ecma_value_t this_arg __attr_unused___, /**< 'this'`
`1002`	`1002`	`ret_value);`
`1003`	`1003`
`1004`	`1004`	`/* 6.a */`
`1005`		`- uint32_t num_of_spaces = ecma_number_to_uint32 (array_length_num);`
`1006`		`- uint32_t space = (num_of_spaces > 10) ? 10 : num_of_spaces;`
	`1005`	`+ int32_t num_of_spaces = ecma_number_to_int32 (array_length_num);`
	`1006`	`+ int32_t space = (num_of_spaces > 10) ? 10 : num_of_spaces;`
`1007`	`1007`
`1008`	`1008`	`/* 6.b */`
`1009`	`1009`	`if (space < 1)`
`@@ -1014,12 +1014,12 @@ ecma_builtin_json_stringify (ecma_value_t this_arg __attr_unused___, /**< 'this'`
`1014`	`1014`	`{`
`1015`	`1015`	`MEM_DEFINE_LOCAL_ARRAY (space_buff, space, char);`
`1016`	`1016`
`1017`		`- for (uint32_t i = 0; i < space; i++)`
	`1017`	`+ for (int32_t i = 0; i < space; i++)`
`1018`	`1018`	`{`
`1019`	`1019`	`space_buff[i] = ' ';`
`1020`	`1020`	`}`
`1021`	`1021`
`1022`		`- context_p.gap_str_p = ecma_new_ecma_string_from_utf8 ((lit_utf8_byte_t *) space_buff, space);`
	`1022`	`+ context_p.gap_str_p = ecma_new_ecma_string_from_utf8 ((lit_utf8_byte_t *) space_buff, (lit_utf8_size_t) space);`
`1023`	`1023`
`1024`	`1024`	`MEM_FINALIZE_LOCAL_ARRAY (space_buff);`
`1025`	`1025`	`}`