Changeset 145482 in webkit


Timestamp:
Mar 11, 2013 10:51:05 PM (11 years ago)
Author:
oliver@apple.com
Message:

Harden JSStringJoiner
https://bugs.webkit.org/show_bug.cgi?id=112093

Reviewed by Filip Pizlo.

Harden JSStringJoiner, make it use our CheckedArithmetic
class to simplify everything.

  • runtime/JSStringJoiner.cpp:

(JSC::JSStringJoiner::build):

  • runtime/JSStringJoiner.h:

(JSStringJoiner):
(JSC::JSStringJoiner::JSStringJoiner):
(JSC::JSStringJoiner::append):

Location:
trunk/Source/JavaScriptCore
Files:
3 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r145417 r145482  
     12013-03-11  Oliver Hunt  <oliver@apple.com>
     2
     3        Harden JSStringJoiner
     4        https://bugs.webkit.org/show_bug.cgi?id=112093
     5
     6        Reviewed by Filip Pizlo.
     7
     8        Harden JSStringJoiner, make it use our CheckedArithmetic
     9        class to simplify everything.
     10
     11        * runtime/JSStringJoiner.cpp:
     12        (JSC::JSStringJoiner::build):
     13        * runtime/JSStringJoiner.h:
     14        (JSStringJoiner):
     15        (JSC::JSStringJoiner::JSStringJoiner):
     16        (JSC::JSStringJoiner::append):
     17
    1182013-03-11  Michael Saboff  <msaboff@apple.com>
    219
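--- a/trunk/Source/JavaScriptCore/runtime/JSStringJoiner.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSStringJoiner.cpp
@@ -103,18 +103,22 @@
         return jsEmptyString(exec);
 
-    size_t separatorLength = m_separator.length();
+    Checked<size_t, RecordOverflow> separatorLength = m_separator.length();
     // FIXME: add special cases of joinStrings() for (separatorLength == 0) and (separatorLength == 1).
     ASSERT(m_strings.size() > 0);
-    size_t totalSeparactorsLength = separatorLength * (m_strings.size() - 1);
-    size_t outputStringSize = totalSeparactorsLength + m_cumulatedStringsLength;
+    Checked<size_t, RecordOverflow> totalSeparactorsLength = separatorLength * (m_strings.size() - 1);
+    Checked<size_t, RecordOverflow> outputStringSize = totalSeparactorsLength + m_accumulatedStringsLength;
 
+    size_t finalSize;
+    if (outputStringSize.safeGet(finalSize))
+        return throwOutOfMemoryError(exec);
+    
     if (!outputStringSize)
         return jsEmptyString(exec);
 
     RefPtr<StringImpl> outputStringImpl;
     if (m_is8Bits)
-        outputStringImpl = joinStrings<LChar>(m_strings, m_separator, outputStringSize);
+        outputStringImpl = joinStrings<LChar>(m_strings, m_separator, finalSize);
     else
-        outputStringImpl = joinStrings<UChar>(m_strings, m_separator, outputStringSize);
+        outputStringImpl = joinStrings<UChar>(m_strings, m_separator, finalSize);
 
     if (!outputStringImpl)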
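Review bot: The overflow check at new lines 111-113 depends on `Checked::safeGet()` returning true when an overflow was recorded, which is easy to misread as a success test, so a comment such as `// safeGet() returns true if any step of the length arithmetic above overflowed; report it as OOM.` would help the next reader. Once `finalSize` holds the unwrapped value, the emptiness test at line 115 reads more directly as `if (!finalSize)` than as `if (!outputStringSize)` on the Checked wrapper. Added line 114 is whitespace-only and should be dropped. The `m_strings.size() - 1` at line 108 is still only guarded by the debug-only ASSERT at 107; that is fine if the early return at line 103 already rejects an empty string list, which cannot be confirmed from the hunk since `build()` begins outside it.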
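--- a/trunk/Source/JavaScriptCore/runtime/JSStringJoiner.h
+++ b/trunk/Source/JavaScriptCore/runtime/JSStringJoiner.h
@@ -47,5 +47,5 @@
     Vector<String> m_strings;
 
-    unsigned m_cumulatedStringsLength;
+    Checked<unsigned, RecordOverflow> m_accumulatedStringsLength;
     bool m_isValid;
     bool m_is8Bits;
@@ -54,5 +54,4 @@
 inline JSStringJoiner::JSStringJoiner(const String& separator, size_t stringCount)
     : m_separator(separator)
-    , m_cumulatedStringsLength(0)
     , m_isValid(true)
     , m_is8Bits(m_separator.is8Bit())
@@ -67,7 +66,7 @@
         return;
 
-    m_strings.uncheckedAppend(str);
+    m_strings.append(str);
     if (!str.isNull()) {
-        m_cumulatedStringsLength += str.length();
+        m_accumulatedStringsLength += str.length();
         m_is8Bits = m_is8Bits && str.is8Bit();
     }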
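Review bot: The new `m_accumulatedStringsLength` member at line 49 carries no comment explaining why it is a `Checked<unsigned, RecordOverflow>` rather than a plain count, and the constructor at lines 54-57 now relies on the wrapper's default construction for its zero start value instead of an explicit initializer; a member comment such as `// Overflow is recorded rather than wrapped; build() turns a recorded overflow into an out-of-memory error.` would make both intentions visible. The change from `uncheckedAppend` to `append` at line 68 is the part of this patch that stops an over-count of appended strings from writing past whatever capacity the constructor reserved from `stringCount`, assuming it still does so (its body is outside the hunk); a one-line comment saying `append` is used deliberately would keep a later cleanup from reverting it for speed. `append()`'s enclosing function begins outside the hunk.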