[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
oliver at apple.com
Wed Dec 22 12:29:30 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 8f76c6e5953ea44f0bcbe515c0541be88615b624
Author: oliver at apple.com <oliver at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Aug 24 19:00:56 2010 +0000
2010-08-24 Oliver Hunt <oliver at apple.com>
Reviewed by Beth Dakin.
Make overflow guards in UString::utf8 explicit
https://bugs.webkit.org/show_bug.cgi?id=44540
Add an explicit overflow check prior to allocating our buffer,
rather than implicitly relying on the guard in convertUTF16ToUTF8.
* runtime/UString.cpp:
(JSC::UString::utf8):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65920 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index e6fce41..0e26219 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-08-24 Oliver Hunt <oliver at apple.com>
+
+ Reviewed by Beth Dakin.
+
+ Make overflow guards in UString::utf8 explicit
+ https://bugs.webkit.org/show_bug.cgi?id=44540
+
+ Add an explicit overflow check prior to allocating our buffer,
+ rather than implicitly relying on the guard in convertUTF16ToUTF8.
+
+ * runtime/UString.cpp:
+ (JSC::UString::utf8):
+
2010-08-24 Yael Aharon <yael.aharon at nokia.com>
Reviewed by Simon Hausmann.
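Review bot: The ChangeLog entry does not record the observable behaviour change, namely that `UString::utf8` now returns an empty `CString()` when the length exceeds the bound. It also does not mention a test. Suggest adding a sentence stating what is returned when the check fails, and noting either the test that covers it or why none is practical.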
diff --git a/JavaScriptCore/runtime/UString.cpp b/JavaScriptCore/runtime/UString.cpp
index ac3acfd..78e349b 100644
--- a/JavaScriptCore/runtime/UString.cpp
+++ b/JavaScriptCore/runtime/UString.cpp
@@ -334,6 +334,8 @@ CString UString::utf8(bool strict) const
// * We could allocate a CStringBuffer with an appropriate size to
// have a good chance of being able to write the string into the
// buffer without reallocing (say, 1.5 x length).
+ if (length > numeric_limits<unsigned>::max() / 3)
+ return CString();
Vector<char, 1024> bufferVector(length * 3);
char* buffer = bufferVector.data();
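Review bot: The new guard `if (length > numeric_limits<unsigned>::max() / 3)` and the allocation `bufferVector(length * 3)` each hard-code the literal 3, so the check only protects the multiplication while the two stay in sync. Suggest a single named constant for the expansion factor, with a one-line comment saying why it is 3, used in both places. The declaration of `length` is outside the hunk. Please confirm it is `unsigned`, so that the limit compared against has the same width as the `length * 3` arithmetic. Also, `return CString();` fails silently. A short comment at the early return, stating that an overlong string yields a null result and how callers should treat it, would make the explicit guard self-documenting.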
--
WebKit Debian packaging