[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
commit-queue at webkit.org
Wed Dec 22 12:12:56 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 02038efbc3006c231c27a34397b3593bc6f151e7
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Aug 17 11:54:39 2010 +0000
2010-08-17 Yuta Kitamura <yutak at chromium.org>
Reviewed by Shinichiro Hamaji.
Avoid uninitialized memory read in StringImpl::find().
REGRESSION(r65468): Crashes in StringImpl::find
https://bugs.webkit.org/show_bug.cgi?id=44099
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::find):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65493 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 2e11c2c..0d6ac10 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-08-17 Yuta Kitamura <yutak at chromium.org>
+
+ Reviewed by Shinichiro Hamaji.
+
+ Avoid uninitialized memory read in StringImpl::find().
+
+ REGRESSION(r65468): Crashes in StringImpl::find
+ https://bugs.webkit.org/show_bug.cgi?id=44099
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::find):
+
2010-08-16 Gavin Barraclough <barraclough at apple.com>
Rubber stamped by Sam Weinig
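Review bot: the new ChangeLog entry names the function but not the defect, so a reader of the log alone cannot tell what was being read or why r65468 introduced it. One added sentence would cover it, for example that the search loop in StringImpl::find updated the rolling hash once more after the last valid offset and so read searchCharacters[delta + matchLength]. The entry also lists only wtf/text/StringImpl.cpp and no test; if the crash in bug 44099 can be reproduced by a test, it should be added and listed here.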
diff --git a/JavaScriptCore/wtf/text/StringImpl.cpp b/JavaScriptCore/wtf/text/StringImpl.cpp
index a944470..ed00a29 100644
--- a/JavaScriptCore/wtf/text/StringImpl.cpp
+++ b/JavaScriptCore/wtf/text/StringImpl.cpp
@@ -542,12 +542,14 @@ size_t StringImpl::find(const char* matchString, unsigned index)
matchHash += matchCharacters[i];
}
- for (unsigned i = 0; i <= delta; ++i) {
+ for (unsigned i = 0; i < delta; ++i) {
if (searchHash == matchHash && equal(searchCharacters + i, matchString, matchLength))
return index + i;
searchHash += searchCharacters[i + matchLength];
searchHash -= searchCharacters[i];
}
+ if (searchHash == matchHash && equal(searchCharacters + delta, matchString, matchLength))
+ return index + delta;
return notFound;
}
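Review bot: the comparison added after the loop, "if (searchHash == matchHash && equal(searchCharacters + delta, matchString, matchLength))", duplicates the loop's match condition and carries no comment saying why the last offset is handled outside the loop. The reason has to be worked out from the loop body: with "i <= delta" the final iteration went on to run "searchHash += searchCharacters[i + matchLength]" at i == delta, which is the read the commit message describes as uninitialized. A short comment above the tail check stating that would keep a later cleanup from folding it back into the loop. An alternative that keeps a single copy of the comparison is to leave the bound at "i <= delta" and exit the loop right after the comparison when i == delta, before the two hash updates.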
--
WebKit Debian packaging