[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
barraclough at apple.com
barraclough at apple.com
Wed Dec 22 12:15:52 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 9fc87e1fef216087804bf4d0eab5cd25df1fc430
Author: barraclough at apple.com <barraclough at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Aug 17 23:05:50 2010 +0000
Bug 44099 - REGRESSION(r65468): Crashes in StringImpl::find
Reviewed by Sam Weinig.
Bug 44080 introduced a couple of cases in which array bounds could be overrun.
One of these was fixed in r65493; this patch fixes the other and addresses the
concerns voiced in comment #6 by restructuring the loops to remove the code
duplication without introducing an additional if check.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::find):
(WTF::StringImpl::findIgnoringCase):
(WTF::StringImpl::reverseFind):
(WTF::StringImpl::reverseFindIgnoringCase):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65571 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index a1311a7..6bfd7c2 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-08-17 Gavin Barraclough <barraclough at apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 44099 - REGRESSION(r65468): Crashes in StringImpl::find
+
+ Bug 44080 introuduced a couple of cases in which array bounds could be overrun.
+ One of these was fixed in r65493, this patch fixes the other and address the
+ concerns voiced in comment #6 by restructuring the loops to remove the code
+ dupliction without introducing an additional if check.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::find):
+ (WTF::StringImpl::findIgnoringCase):
+ (WTF::StringImpl::reverseFind):
+ (WTF::StringImpl::reverseFindIgnoringCase):
+
2010-08-17 No'am Rosenthal <noam.rosenthal at nokia.com>
Reviewed by Ariya Hidayat.
diff --git a/JavaScriptCore/wtf/text/StringImpl.cpp b/JavaScriptCore/wtf/text/StringImpl.cpp
index ed00a29..ab0f009 100644
--- a/JavaScriptCore/wtf/text/StringImpl.cpp
+++ b/JavaScriptCore/wtf/text/StringImpl.cpp
@@ -542,15 +542,16 @@ size_t StringImpl::find(const char* matchString, unsigned index)
matchHash += matchCharacters[i];
}
- for (unsigned i = 0; i < delta; ++i) {
- if (searchHash == matchHash && equal(searchCharacters + i, matchString, matchLength))
- return index + i;
+ unsigned i = 0;
+ // keep looping until we match
+ while (searchHash != matchHash || !equal(searchCharacters + i, matchString, matchLength)) {
+ if (i == delta)
+ return notFound;
searchHash += searchCharacters[i + matchLength];
searchHash -= searchCharacters[i];
+ ++i;
}
- if (searchHash == matchHash && equal(searchCharacters + delta, matchString, matchLength))
- return index + delta;
- return notFound;
+ return index + i;
}
size_t StringImpl::findIgnoringCase(const char* matchString, unsigned index)
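Review bot: The new comment `// keep looping until we match` above the restructured `while` loop (repeated in every other hunk of this file) does not record the ordering invariant that makes the rewrite safe: the `if (i == delta) return notFound;` check must stay ahead of the rolling-hash update, because `searchCharacters[i + matchLength]` is in range only while i < delta, and that one-past-the-end read is the overrun this commit fixes. I would replace it with `// Invariant: i <= delta. The bounds check must precede the hash update, which reads searchCharacters[i + matchLength] and is only in range for i < delta.` here and in the find(StringImpl*) hunk, a shortened form without the hash sentence in the two findIgnoringCase hunks, and in the two reverseFind hunks a note that delta must be decremented before the hash update reads `searchCharacters[delta + matchLength]`. This reasoning assumes delta is computed above the hunk as the remaining length minus matchLength and that a matchLength larger than the remaining length is rejected earlier; the enclosing function begins outside the hunk, so both should be confirmed against the lines not shown. A regression test placing the match in the last matchLength characters of the string, plus one with no match at all, would pin the boundary behaviour the ChangeLog entry describes.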
@@ -573,11 +574,14 @@ size_t StringImpl::findIgnoringCase(const char* matchString, unsigned index)
const UChar* searchCharacters = characters() + index;
- for (unsigned i = 0; i <= delta; ++i) {
- if (equalIgnoringCase(searchCharacters + i, matchString, matchLength))
- return index + i;
+ unsigned i = 0;
+ // keep looping until we match
+ while (!equalIgnoringCase(searchCharacters + i, matchString, matchLength)) {
+ if (i == delta)
+ return notFound;
+ ++i;
}
- return notFound;
+ return index + i;
}
size_t StringImpl::find(StringImpl* matchString, unsigned index)
@@ -614,13 +618,16 @@ size_t StringImpl::find(StringImpl* matchString, unsigned index)
matchHash += matchCharacters[i];
}
- for (unsigned i = 0; i <= delta; ++i) {
- if (searchHash == matchHash && memcmp(searchCharacters + i, matchCharacters, matchLength * sizeof(UChar)) == 0)
- return index + i;
+ unsigned i = 0;
+ // keep looping until we match
+ while (searchHash != matchHash || memcmp(searchCharacters + i, matchCharacters, matchLength * sizeof(UChar))) {
+ if (i == delta)
+ return notFound;
searchHash += searchCharacters[i + matchLength];
searchHash -= searchCharacters[i];
+ ++i;
}
- return notFound;
+ return index + i;
}
size_t StringImpl::findIgnoringCase(StringImpl* matchString, unsigned index)
@@ -644,11 +651,14 @@ size_t StringImpl::findIgnoringCase(StringImpl* matchString, unsigned index)
const UChar* searchCharacters = characters() + index;
const UChar* matchCharacters = matchString->characters();
- for (unsigned i = 0; i <= delta; ++i) {
- if (equalIgnoringCase(searchCharacters + i, matchCharacters, matchLength))
- return index + i;
+ unsigned i = 0;
+ // keep looping until we match
+ while (!equalIgnoringCase(searchCharacters + i, matchCharacters, matchLength)) {
+ if (i == delta)
+ return notFound;
+ ++i;
}
- return notFound;
+ return index + i;
}
size_t StringImpl::reverseFind(UChar c, unsigned index)
@@ -687,9 +697,11 @@ size_t StringImpl::reverseFind(StringImpl* matchString, unsigned index)
matchHash += matchCharacters[i];
}
+ // keep looping until we match
while (searchHash != matchHash || memcmp(searchCharacters + delta, matchCharacters, matchLength * sizeof(UChar))) {
- if (!delta--)
+ if (!delta)
return notFound;
+ delta--;
searchHash -= searchCharacters[delta + matchLength];
searchHash += searchCharacters[delta];
}
@@ -714,9 +726,11 @@ size_t StringImpl::reverseFindIgnoringCase(StringImpl* matchString, unsigned ind
const UChar *searchCharacters = characters();
const UChar *matchCharacters = matchString->characters();
+ // keep looping until we match
while (!equalIgnoringCase(searchCharacters + delta, matchCharacters, matchLength)) {
- if (!delta--)
+ if (!delta)
return notFound;
+ delta--;
}
return delta;
}