[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
ddkilzer at apple.com
Wed Dec 22 15:59:03 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit fc3ece2f510510ed37c44f85331ab655ac806b07
Author: ddkilzer at apple.com <ddkilzer at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Nov 17 16:36:04 2010 +0000
<http://webkit.org/b/49634> Make overflow guards in WTF::String::utf8 explicit
Reviewed by Darin Adler.
Add an explicit overflow check prior to allocating our buffer,
rather than implicitly relying on the guard in convertUTF16ToUTF8.
* wtf/text/WTFString.cpp:
(WTF::String::utf8):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 8e24099..a6d58bf 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-11-17 David Kilzer <ddkilzer at apple.com>
+
+ <http://webkit.org/b/49634> Make overflow guards in WTF::String::utf8 explicit
+
+ Reviewed by Darin Adler.
+
+ Add an explicit overflow check prior to allocating our buffer,
+ rather than implicitly relying on the guard in convertUTF16ToUTF8.
+
+ * wtf/text/WTFString.cpp:
+ (WTF::String::utf8):
+
2010-11-17 Sheriff Bot <webkit.review.bot at gmail.com>
Unreviewed, rolling out r72197.
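Review bot: The ChangeLog entry says an explicit overflow check is added before the allocation but does not say what String::utf8 returns when that check fails. The code change returns an empty CString() in that case, which is a caller-visible behaviour worth one line in the entry. The entry also omits the "using namespace std;" added inside namespace WTF.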
diff --git a/JavaScriptCore/wtf/text/WTFString.cpp b/JavaScriptCore/wtf/text/WTFString.cpp
index 75ea42d..6bb74f6 100644
--- a/JavaScriptCore/wtf/text/WTFString.cpp
+++ b/JavaScriptCore/wtf/text/WTFString.cpp
@@ -36,6 +36,7 @@ using namespace std;
namespace WTF {
using namespace Unicode;
+using namespace std;
// Construct a string with UTF-16 data.
String::String(const UChar* characters, unsigned length)
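Review bot: The added "using namespace std;" inside namespace WTF looks redundant, since the hunk header's context line already shows "using namespace std;" earlier in the file. Consider dropping the addition and spelling the one new use as std::numeric_limits<unsigned> instead. The patch also adds no #include <limits>; please confirm the header is included directly in WTFString.cpp rather than arriving transitively.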
@@ -696,6 +697,8 @@ CString String::utf8(bool strict) const
// * We could allocate a CStringBuffer with an appropriate size to
// have a good chance of being able to write the string into the
// buffer without reallocing (say, 1.5 x length).
+ if (length > numeric_limits<unsigned>::max() / 3)
+ return CString();
Vector<char, 1024> bufferVector(length * 3);
char* buffer = bufferVector.data();
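Review bot: The guard before "Vector<char, 1024> bufferVector(length * 3);" returns CString() with no assertion, log or comment, so an over-long string is dropped silently and the reason for the early return is not recorded next to it. A short comment stating that 3 is the worst-case number of UTF-8 bytes per UTF-16 code unit would help, and so would a named constant shared by the check and the allocation, so that "max() / 3" and "length * 3" cannot drift apart. The preceding comment block is about allocation strategy, so the new check would read better separated from it by a blank line or its own comment.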
--
WebKit Debian packaging