| Index: Source/WebCore/Modules/indexeddb/IDBCursor.cpp
|
| ===================================================================
|
| --- Source/WebCore/Modules/indexeddb/IDBCursor.cpp (revision 131667)
|
| +++ Source/WebCore/Modules/indexeddb/IDBCursor.cpp (working copy)
|
| @@ -155,7 +155,7 @@
|
| return objectStore->put(IDBObjectStoreBackendInterface::CursorUpdate, IDBAny::create(this), context, value, m_currentPrimaryKey, ec);
|
| }
|
|
|
| -void IDBCursor::advance(unsigned long count, ExceptionCode& ec)
|
| +void IDBCursor::advance(long count, ExceptionCode& ec)
|
| {
|
| IDB_TRACE("IDBCursor::advance");
|
| if (!m_gotValue) {
|
| @@ -168,7 +168,9 @@
|
| return;
|
| }
|
|
|
| - if (!count) {
|
| + // FIXME: This should only need to check for 0 once webkit.org/b/96798 lands.
|
| + const int64_t maxECMAScriptInteger = 0x20000000000000LL - 1;
|
| + if (count < 1 || count > maxECMAScriptInteger) {
|
| ec = NATIVE_TYPE_ERR;
|
| return;
|
| }
|
|
|
Chromium Code Reviews
Issue 11184033:
Merge 131658 - IndexedDB: Enforce unsigned long/unsigned long long ranges (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/1271/