diff --git a/Userland/Libraries/LibWeb/WebDriver/Properties.h b/Userland/Libraries/LibWeb/WebDriver/Properties.h index 54062330a08..a36ef382bf2 100644 --- a/Userland/Libraries/LibWeb/WebDriver/Properties.h +++ b/Userland/Libraries/LibWeb/WebDriver/Properties.h @@ -10,6 +10,7 @@ #include #include #include +#include #include namespace Web::WebDriver { @@ -22,6 +23,20 @@ static ErrorOr get_property(JsonObject const& pa if (!property.has_value()) return WebDriver::Error::from_code(ErrorCode::InvalidArgument, ByteString::formatted("No property called '{}' present", key)); + auto is_safe_number = [](T value) { + if constexpr (sizeof(T) >= 8) { + if (value > static_cast(JS::MAX_ARRAY_LIKE_INDEX)) + return false; + + if constexpr (IsSigned) { + if (value < -static_cast(JS::MAX_ARRAY_LIKE_INDEX)) + return false; + } + } + + return true; + }; + if constexpr (IsSame) { if (!property->is_string()) return WebDriver::Error::from_code(ErrorCode::InvalidArgument, ByteString::formatted("Property '{}' is not a String", key)); @@ -31,11 +46,11 @@ static ErrorOr get_property(JsonObject const& pa return WebDriver::Error::from_code(ErrorCode::InvalidArgument, ByteString::formatted("Property '{}' is not a Boolean", key)); return property->as_bool(); } else if constexpr (IsIntegral) { - if (auto maybe_number = property->get_integer(); maybe_number.has_value()) + if (auto maybe_number = property->get_integer(); maybe_number.has_value() && is_safe_number(*maybe_number)) return *maybe_number; return WebDriver::Error::from_code(ErrorCode::InvalidArgument, ByteString::formatted("Property '{}' is not an Integer", key)); } else if constexpr (IsSame) { - if (auto maybe_number = property->get_double_with_precision_loss(); maybe_number.has_value()) + if (auto maybe_number = property->get_double_with_precision_loss(); maybe_number.has_value() && is_safe_number(*maybe_number)) return *maybe_number; return WebDriver::Error::from_code(ErrorCode::InvalidArgument, ByteString::formatted("Property '{}' is not a Number", key)); } else if constexpr (IsSame) {