StringToNumber: Fix integer overflow on parsing INT_MIN.

third_party/WebKit/Source/wtf/text/StringToNumber.cpp

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "wtf/text/StringToNumber.h"
 
 #include "wtf/ASCIICType.h"
 #include "wtf/dtoa.h"
 #include "wtf/text/StringImpl.h"
+#include <type_traits>
 
 namespace WTF {
 
 static bool isCharacterAllowedInBase(UChar c, int base) {
   if (c > 0x7F)
     return false;
   if (isASCIIDigit(c))
     return c - '0' < base;
   if (isASCIIAlpha(c)) {
     if (base > 36)
       base = 36;
     return (c >= 'a' && c < 'a' + base - 10) ||
            (c >= 'A' && c < 'A' + base - 10);
   }
   return false;
 }
 
 template <typename IntegralType, typename CharType>
 static inline IntegralType toIntegralType(const CharType* data,
                                           size_t length,
                                           bool* ok,
                                           int base) {
-  static const IntegralType integralMax =
+  static_assert(std::is_integral<IntegralType>::value,
+                "IntegralType must be an integral type.");
+  static constexpr IntegralType integralMax =
       std::numeric_limits<IntegralType>::max();
-  static const bool isSigned = std::numeric_limits<IntegralType>::is_signed;
-  const IntegralType maxMultiplier = integralMax / base;
+  static constexpr IntegralType integralMin =
+      std::numeric_limits<IntegralType>::min();
+  static constexpr bool isSigned = std::numeric_limits<IntegralType>::is_signed;
 
   IntegralType value = 0;
   bool isOk = false;
   bool isNegative = false;
 
   if (!data)
     goto bye;
 
   // skip leading whitespace
   while (length && isSpaceOrNewline(*data)) {
@@ skipping 17 matching lines @@
     --length;
     IntegralType digitValue;
     CharType c = *data;
     if (isASCIIDigit(c))
       digitValue = c - '0';
     else if (c >= 'a')
       digitValue = c - 'a' + 10;
     else
       digitValue = c - 'A' + 10;
 
-    if (value > maxMultiplier ||
-        (value == maxMultiplier &&
-         digitValue > (integralMax % base) + isNegative))
+    bool overflow;
+    if (isNegative) {
+      // Overflow condition:
+      //       value * base - digitValue < integralMin
+      //   <=> value < (integralMin + digitValue) / base
+      // We must be careful of rounding errors here, but the default rounding
+      // mode (round to zero) works well, so we can use this formula as-is.
+      overflow = value < (integralMin + digitValue) / base;
+    } else {
+      // Overflow condition:
+      //       value * base + digitValue > integralMax
+      //   <=> value > (integralMax + digitValue) / base
+      // Ditto regarding rounding errors.
+      overflow = value > (integralMax - digitValue) / base;
+    }
+    if (overflow)
       goto bye;
 
-    value = base * value + digitValue;
+    if (isNegative)
+      value = base * value - digitValue;
+    else
+      value = base * value + digitValue;
     ++data;
   }
 
-#if COMPILER(MSVC)
-#pragma warning(push, 0)
-#pragma warning(disable : 4146)
-#endif
-
-  if (isNegative)
-    value = -value;
-
-#if COMPILER(MSVC)
-#pragma warning(pop)
-#endif
-
   // skip trailing space
   while (length && isSpaceOrNewline(*data)) {
     --length;
     ++data;
   }
 
   if (!length)
     isOk = true;
 bye:
   if (ok)
@@ skipping 201 matching lines @@
 float charactersToFloat(const UChar* data,
                         size_t length,
                         size_t& parsedLength) {
   // FIXME: This will return ok even when the string fits into a double but
   // not a float.
   return static_cast<float>(
       toDoubleType<UChar, AllowTrailingJunk>(data, length, 0, parsedLength));
 }
 
 }  // namespace WTF