[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
eric at webkit.org
eric at webkit.org
Wed Dec 22 11:51:40 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 7869fcc800b1069c8d7c1db61324bfb126df4105
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Aug 10 01:47:42 2010 +0000
2010-08-09 Adam Barth <abarth at webkit.org>
Reviewed by Eric Seidel.
Remove error-prone external SegmentedSubstring constructor
https://bugs.webkit.org/show_bug.cgi?id=43752
There's a lot of code that assumes that SegmentedString takes ownership
of its substrings. For example, when the HTML parser pauses and
resumes asynchronously, it could explode if SegmentedString didn't own
its substrings.
Prior to this patch, there was a constructor that let
SegmentedSubstring use an external string buffer. It turns out it was
only used in a handful of places, but I'd rather pay the memcpy of
these small strings than risk having them used after free.
* bindings/js/JSHTMLDocumentCustom.cpp:
(WebCore::documentWrite):
* html/LegacyHTMLDocumentParser.cpp:
(WebCore::LegacyHTMLDocumentParser::parseNonHTMLText):
(WebCore::LegacyHTMLDocumentParser::scriptHandler):
(WebCore::LegacyHTMLDocumentParser::parseComment):
* platform/text/SegmentedString.h:
(WebCore::SegmentedString::SegmentedString):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65031 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index b191d75..9cc6007 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,29 @@
+2010-08-09 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Remove error-prone external SegementedSubstring contructor
+ https://bugs.webkit.org/show_bug.cgi?id=43752
+
+ There's a lot of code that assumes that SegmentedString takes ownership
+ of its substrings. For example, when the HTML parser pauses and
+ resumes asynchronously, it could explode if SegmentedString didn't own
+ its substrings.
+
+ Prior to this patch, there was a constructor that let
+ SegmentedSubstring use an external string buffer. It turns out it was
+ only used in a handful of places, but I'd rather pay the memcpy of
+ these small strings than risk having them used after free.
+
+ * bindings/js/JSHTMLDocumentCustom.cpp:
+ (WebCore::documentWrite):
+ * html/LegacyHTMLDocumentParser.cpp:
+ (WebCore::LegacyHTMLDocumentParser::parseNonHTMLText):
+ (WebCore::LegacyHTMLDocumentParser::scriptHandler):
+ (WebCore::LegacyHTMLDocumentParser::parseComment):
+ * platform/text/SegmentedString.h:
+ (WebCore::SegmentedString::SegmentedString):
+
2010-08-09 Gavin Barraclough <barraclough at apple.com>
Speculative Qt build fix.
diff --git a/WebCore/bindings/js/JSHTMLDocumentCustom.cpp b/WebCore/bindings/js/JSHTMLDocumentCustom.cpp
index a0e189e..0b40ef0 100644
--- a/WebCore/bindings/js/JSHTMLDocumentCustom.cpp
+++ b/WebCore/bindings/js/JSHTMLDocumentCustom.cpp
@@ -150,7 +150,7 @@ static inline void documentWrite(ExecState* exec, HTMLDocument* document, Newlin
}
}
if (addNewline)
- segmentedString.append(SegmentedString(&newlineCharacter, 1));
+ segmentedString.append(SegmentedString(String(&newlineCharacter, 1)));
Document* activeDocument = asJSDOMWindow(exec->lexicalGlobalObject())->impl()->document();
document->write(segmentedString, activeDocument);
diff --git a/WebCore/html/LegacyHTMLDocumentParser.cpp b/WebCore/html/LegacyHTMLDocumentParser.cpp
index cb5fac8..980d6ed 100644
--- a/WebCore/html/LegacyHTMLDocumentParser.cpp
+++ b/WebCore/html/LegacyHTMLDocumentParser.cpp
@@ -346,7 +346,7 @@ LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseNonHTMLText(Segme
if (state.inScript())
state = scriptHandler(state);
else {
- state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize), state);
+ state = processListing(SegmentedString(String(m_scriptCode, m_scriptCodeSize)), state);
processToken();
if (state.inStyle()) {
m_currentToken.tagName = styleTag.localName();
@@ -451,7 +451,7 @@ LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::scriptHandler(State st
}
}
- state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize), state);
+ state = processListing(SegmentedString(String(m_scriptCode, m_scriptCodeSize)), state);
RefPtr<Node> node = processToken();
if (node && m_scriptingPermission == FragmentScriptingNotAllowed) {
@@ -625,7 +625,7 @@ LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseComment(Segmented
m_scriptCode[m_scriptCodeSize + 1] = 0;
m_currentToken.tagName = commentAtom;
m_currentToken.beginTag = true;
- state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize - endCharsCount), state);
+ state = processListing(SegmentedString(String(m_scriptCode, m_scriptCodeSize - endCharsCount)), state);
processToken();
m_currentToken.tagName = commentAtom;
m_currentToken.beginTag = false;
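Review bot: The length `m_scriptCodeSize - endCharsCount` in parseComment is now passed to a String constructor that copies that many characters, so a negative result matters more than it did with the removed `int length` constructor, which only stored the value. The declarations of both variables and of String's constructor are outside this hunk; if the length parameter is unsigned, as I would expect, a negative difference converts to a very large count and the copy would read far past `m_scriptCode`. I would state the invariant just before the call with `ASSERT(m_scriptCodeSize >= endCharsCount);` and consider a release-build guard if nothing earlier in the function establishes it. parseComment's body starts and ends outside the hunk.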
diff --git a/WebCore/platform/text/SegmentedString.h b/WebCore/platform/text/SegmentedString.h
index 747d426..1d3098d 100644
--- a/WebCore/platform/text/SegmentedString.h
+++ b/WebCore/platform/text/SegmentedString.h
@@ -38,8 +38,6 @@ public:
{
}
- SegmentedSubstring(const UChar* str, int length) : m_length(length), m_current(length == 0 ? 0 : str), m_doNotExcludeLineNumbers(true) {}
-
void clear() { m_length = 0; m_current = 0; }
bool excludeLineNumbers() const { return !m_doNotExcludeLineNumbers; }
@@ -72,8 +70,6 @@ class SegmentedString {
public:
SegmentedString()
: m_pushedChar1(0), m_pushedChar2(0), m_currentChar(0), m_composite(false), m_closed(false) {}
- SegmentedString(const UChar* str, int length) : m_pushedChar1(0), m_pushedChar2(0)
- , m_currentString(str, length), m_currentChar(m_currentString.m_current), m_composite(false), m_closed(false) {}
SegmentedString(const String& str)
: m_pushedChar1(0), m_pushedChar2(0), m_currentString(str)
, m_currentChar(m_currentString.m_current), m_composite(false), m_closed(false) {}
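Review bot: Nothing in SegmentedString.h records the ownership rule that this commit enforces by removing the `(const UChar*, int)` constructors here and in the SegmentedSubstring hunk above, so a later change could reintroduce a borrowing constructor unnoticed. I would add a comment above `SegmentedString(const String& str)` along the lines of `// SegmentedString owns its characters; do not add constructors over caller-owned UChar buffers (use-after-free risk, bug 43752).` The guarantee also depends on SegmentedSubstring's String-taking constructor keeping a reference to the String rather than only its raw pointer. Only the closing braces of that constructor are visible in this diff, so that is worth confirming.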
--
WebKit Debian packaging