[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

weinig at apple.com weinig at apple.com
Wed Dec 22 13:56:04 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 135cdacef986c6910dd18b342db84d4f430890bb
Author: weinig at apple.com <weinig at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Sep 29 23:51:45 2010 +0000

    Add additional checks to StringBuilder.
    <rdar://problem/7761248>
    
    Reviewed by Darin Adler.
    
    * platform/text/StringBuilder.cpp:
    (WebCore::checkAppend):
    (WebCore::StringBuilder::append):
    (WebCore::StringBuilder::toString):
    (WebCore::StringBuilder::clear):
    (WebCore::StringBuilder::length):
    * platform/text/StringBuilder.h:
    (WebCore::StringBuilder::StringBuilder):
    (WebCore::StringBuilder::setNonNull):
    (WebCore::StringBuilder::isNull):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68715 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6fffc41..6408d2d 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2010-09-29  Sam Weinig  <sam at webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Add additional checks to StringBuilder.
+        <rdar://problem/7761248>
+
+        * platform/text/StringBuilder.cpp:
+        (WebCore::checkAppend):
+        (WebCore::StringBuilder::append):
+        (WebCore::StringBuilder::toString):
+        (WebCore::StringBuilder::clear):
+        (WebCore::StringBuilder::length):
+        * platform/text/StringBuilder.h:
+        (WebCore::StringBuilder::StringBuilder):
+        (WebCore::StringBuilder::setNonNull):
+        (WebCore::StringBuilder::isNull):
+
 2010-09-29  Anders Carlsson  <andersca at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/WebCore.xcodeproj/project.pbxproj b/WebCore/WebCore.xcodeproj/project.pbxproj
index c53616e..d104455 100644
--- a/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -20857,7 +20857,6 @@
 			isa = PBXProject;
 			buildConfigurationList = 149C284308902B11008A9EFC /* Build configuration list for PBXProject "WebCore" */;
 			compatibilityVersion = "Xcode 2.4";
-			developmentRegion = English;
 			hasScannedForEncodings = 1;
 			knownRegions = (
 				English,
diff --git a/WebCore/platform/text/StringBuilder.cpp b/WebCore/platform/text/StringBuilder.cpp
index 1c47129..32f0b53 100644
--- a/WebCore/platform/text/StringBuilder.cpp
+++ b/WebCore/platform/text/StringBuilder.cpp
@@ -30,19 +30,26 @@
 #include "config.h"
 #include "StringBuilder.h"
 
-#include <wtf/text/StringBuffer.h>
+using namespace std;
 
 namespace WebCore {
 
+static inline void checkedAppend(unsigned& totalLength, unsigned charactersToAppend)
+{
+    if (numeric_limits<unsigned>::max() - charactersToAppend <= totalLength)
+        CRASH();
+
+    totalLength += charactersToAppend;
+}
+
 void StringBuilder::append(const String& string)
 {
     if (string.isNull())
         return;
 
-    if (m_totalLength == UINT_MAX)
-        m_totalLength = string.length();
-    else
-        m_totalLength += string.length();
+    unsigned totalLength = length();
+    checkedAppend(totalLength, string.length());
+    m_totalLength = totalLength;
 
     if (!string.isEmpty())
         m_strings.append(string);
@@ -50,20 +57,18 @@ void StringBuilder::append(const String& string)
 
 void StringBuilder::append(UChar c)
 {
-    if (m_totalLength == UINT_MAX)
-        m_totalLength = 1;
-    else
-        m_totalLength += 1;
+    unsigned totalLength = length();
+    checkedAppend(totalLength, 1);
+    m_totalLength = totalLength;
 
     m_strings.append(String(&c, 1));
 }
 
 void StringBuilder::append(char c)
 {
-    if (m_totalLength == UINT_MAX)
-        m_totalLength = 1;
-    else
-        m_totalLength += 1;
+    unsigned totalLength = length();
+    checkedAppend(totalLength, 1);
+    m_totalLength = totalLength;
 
     m_strings.append(String(&c, 1));
 }
@@ -80,10 +85,11 @@ String StringBuilder::toString(ConcatMode mode) const
     if (count == 1)
         return m_strings[0];
 
-    UChar* buffer;
     unsigned totalLength = m_totalLength;
     if (mode == ConcatAddingSpacesBetweenIndividualStrings)
-        totalLength += count - 1;
+        checkedAppend(totalLength, count - 1);
+
+    UChar* buffer;
     String result = String::createUninitialized(totalLength, buffer);
 
     UChar* p = buffer;
@@ -93,7 +99,7 @@ String StringBuilder::toString(ConcatMode mode) const
         for (unsigned i = 0; i < count; ++i) {
             StringImpl* string = m_strings[i].impl();
             unsigned length = string->length(); 
-            memcpy(p, string->characters(), length * 2);
+            memcpy(p, string->characters(), length * sizeof(UChar));
             p += length;
         }
     } else {
@@ -101,7 +107,7 @@ String StringBuilder::toString(ConcatMode mode) const
         for (unsigned i = 0; i < count; ++i) {
             StringImpl* string = m_strings[i].impl();
             unsigned length = string->length(); 
-            memcpy(p, string->characters(), length * 2);
+            memcpy(p, string->characters(), length * sizeof(UChar));
             p += length;
 
             // Add space after string before the start of the next string, if we're not processing the last string.
@@ -118,15 +124,15 @@ String StringBuilder::toString(ConcatMode mode) const
 
 void StringBuilder::clear()
 {
-    m_totalLength = UINT_MAX;
+    m_totalLength = numeric_limits<unsigned>::max();
     m_strings.clear();
 }
 
 unsigned StringBuilder::length() const
 {
-    if (m_totalLength == UINT_MAX)
+    if (isNull())
         return 0;
     return m_totalLength;
 }
 
-}
+} // namespace WebCore
diff --git a/WebCore/platform/text/StringBuilder.h b/WebCore/platform/text/StringBuilder.h
index 72adfa7..dd8c1c0 100644
--- a/WebCore/platform/text/StringBuilder.h
+++ b/WebCore/platform/text/StringBuilder.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2010 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,6 +30,8 @@
 #define StringBuilder_h
 
 #include "PlatformString.h"
+#include <limits>
+#include <wtf/Vector.h>
 
 namespace WebCore {
 
@@ -40,11 +42,11 @@ enum ConcatMode {
 
 class StringBuilder {
 public:
-    StringBuilder() : m_totalLength(UINT_MAX) {}
+    StringBuilder() : m_totalLength(std::numeric_limits<unsigned>::max()) {}
 
     void setNonNull()
     {
-        if (m_totalLength == UINT_MAX)
+        if (isNull())
             m_totalLength = 0;
     }
 
@@ -58,12 +60,12 @@ public:
     String toString(ConcatMode mode = ConcatUnaltered) const;
 
 private:
-    bool isNull() const { return m_totalLength == UINT_MAX; }
+    bool isNull() const { return m_totalLength == std::numeric_limits<unsigned>::max(); }
 
     unsigned m_totalLength;
     Vector<String, 16> m_strings;
 };
 
-}
+} // namespace WebCore
 
-#endif
+#endif // StringBuilder_h

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list