[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

ddkilzer at apple.com ddkilzer at apple.com
Wed Dec 22 15:59:03 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit fc3ece2f510510ed37c44f85331ab655ac806b07
Author: ddkilzer at apple.com <ddkilzer at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Nov 17 16:36:04 2010 +0000

    <http://webkit.org/b/49634> Make overflow guards in WTF::String::utf8 explicit
    
    Reviewed by Darin Adler.
    
    Add an explicit overflow check prior to allocating our buffer,
    rather than implicitly relying on the guard in convertUTF16ToUTF8.
    
    * wtf/text/WTFString.cpp:
    (WTF::String::utf8):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72209 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 8e24099..a6d58bf 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-11-17  David Kilzer  <ddkilzer at apple.com>
+
+        <http://webkit.org/b/49634> Make overflow guards in WTF::String::utf8 explicit
+
+        Reviewed by Darin Adler.
+
+        Add an explicit overflow check prior to allocating our buffer,
+        rather than implicitly relying on the guard in convertUTF16ToUTF8.
+
+        * wtf/text/WTFString.cpp:
+        (WTF::String::utf8):
+
 2010-11-17  Sheriff Bot  <webkit.review.bot at gmail.com>
 
         Unreviewed, rolling out r72197.
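Review bot: The new ChangeLog entry lists only `(WTF::String::utf8):` for wtf/text/WTFString.cpp, but the same commit also adds a `using namespace std;` directive at `namespace WTF` scope in that file. Either mention the directive in the entry or drop it from the patch so the entry matches what changed.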
diff --git a/JavaScriptCore/wtf/text/WTFString.cpp b/JavaScriptCore/wtf/text/WTFString.cpp
index 75ea42d..6bb74f6 100644
--- a/JavaScriptCore/wtf/text/WTFString.cpp
+++ b/JavaScriptCore/wtf/text/WTFString.cpp
@@ -36,6 +36,7 @@ using namespace std;
 namespace WTF {
 
 using namespace Unicode;
+using namespace std;
 
 // Construct a string with UTF-16 data.
 String::String(const UChar* characters, unsigned length)
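Review bot: The added `using namespace std;` inside `namespace WTF` looks redundant, since the hunk header context (`@@ -36,6 +36,7 @@ using namespace std;`) shows the same directive already present earlier in the file. Consider dropping this line, or spelling `std::numeric_limits` at the single use site, rather than widening unqualified name lookup for everything in this namespace block.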
@@ -696,6 +697,8 @@ CString String::utf8(bool strict) const
     //  * We could allocate a CStringBuffer with an appropriate size to
     //    have a good chance of being able to write the string into the
     //    buffer without reallocing (say, 1.5 x length).
+    if (length > numeric_limits<unsigned>::max() / 3)
+        return CString();
     Vector<char, 1024> bufferVector(length * 3);
 
     char* buffer = bufferVector.data();
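Review bot: The guard `length > numeric_limits<unsigned>::max() / 3` and the allocation `bufferVector(length * 3)` each hard-code the factor 3, and the guard is inserted between the existing allocation comment and the allocation without a comment of its own. Suggest a one-line comment stating that the check keeps `length * 3` from wrapping in unsigned arithmetic, plus a shared named constant for the factor so the check and the multiplication cannot drift apart. It would also help to document the early `return CString();` so callers know what result to expect for an over-long string.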

-- 
WebKit Debian packaging


