<snip>
> That's a strange result, but are you sure it's actually meaningful? I
> don't know Javascript to this level of detail, but I believe in C, at
> least, the results of those expressions are undefined, since the compiler
> would have no good reason to evaluate either of the prefix increments
> first.

Not true: "++i" will increase i first and return the result of that
increased i where "i++" will return i and then increase it:

-- example.js --
var i=1;
document.write(++i); // prints 2, i=2;
document.write(i++); // prints 2, i=3;
-- cut here --

<snip>
> Well the javascript interpreter seems like a not-so-good place to look.
> Really all these results say is that Javascript integers can overflow,
> which is vacuously true. As long as the interpreter handles these
> overflows sanely, they're completely benign (although the Javascript
> containing them could very well be buggy). If you can find an overflow
> in the interpreter itself, as opposed to the language it's interpreting,
> then you would have something interesting.

The interpreter is not handling them sanely, although I have not found
anything security related that's wrong. The examples clearly show that the
interpreter and some of the internal methods return unexpected behaviour.
I tried the arrays first to see if I could read/overwrite any memory I
would normally not have access to.

> The 'undefined' result you got when pop()ing 'c' is a little strange,
> though. Why did you get an undefined result after the array index had
> already wrapped? If -2147483648 is a valid index, why isn't -2147483647?

See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht
ml/js56jsmthPop.asp (url wrapped)
<quote>If the array is empty, undefined is returned.</quote>
So somehow it's still popping the value but then it returns "undefined",
meaning it thinks the array is empty.

Btw. try a negative index on an array (like "i[-1]"): It doesn't work, it's
NOT a valid index.

Cheers,
Berend-Jan Wever
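
Added illustration, not part of the original post or of any interpreter's code: a baseline for how a conforming ECMAScript engine treats the keys discussed in this thread (negative numbers, the 32-bit boundary values, and pop() on an array with no indexed elements), useful for comparing against an engine under test. Function names are hypothetical and the sample keys are constructed.

```javascript
// ECMAScript: a property key P is an array index only if
// ToString(ToUint32(P)) === P and ToUint32(P) !== 2^32 - 1.
function isArrayIndex(key) {
  const s = String(key);
  const n = Number(s) >>> 0;            // ToUint32
  return String(n) === s && n !== 0xFFFFFFFF;
}

// Store a value under `key` in a fresh 3-element array and report
// whether the key counted as an index, the resulting length, and
// what pop() hands back.
function probe(key) {
  const arr = ['a', 'b', 'c'];
  arr[key] = 'x';
  return {
    key: String(key),
    isIndex: isArrayIndex(key),
    length: arr.length,                 // read before pop() runs
    popped: arr.pop(),
  };
}

// pop() looks only at length: an array holding nothing but non-index
// properties (such as "-1") is empty, so pop() returns undefined and
// the property is left untouched.
function popFromEmptyWithNegativeKey() {
  const arr = [];
  arr[-1] = 'hidden';
  return { length: arr.length, popped: arr.pop(), stillThere: arr[-1] };
}

const INT32_MAX = 2147483647;
const WRAPPED = (INT32_MAX + 1) | 0;    // ToInt32 wrap: -2147483648

// Constructed sample keys around the boundaries mentioned in the thread.
const samples = [3, -1, INT32_MAX, WRAPPED, 4294967294, 4294967295];
for (const k of samples) console.log(probe(k));
console.log(popFromEmptyWithNegativeKey());
```

An engine that reports a different length, or pops a value stored under a non-index key, deviates from the specification at that boundary.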
This archive was generated by hypermail 2b30 : Wed May 14 2003 - 09:09:00 PDT