Changeset 19430 in webkit
- Timestamp:
- Feb 6, 2007 8:41:45 AM (17 years ago)
- Location:
- S60/branches/3.1m
- Files:
-
- 7 edited
-
JavaScriptCore/ChangeLog (modified) (1 diff)
-
JavaScriptCore/group/JavaScriptCore.mmp (modified) (1 diff)
-
JavaScriptCore/pcre/pcre.c (modified) (8 diffs)
-
WebCore/ChangeLog (modified) (1 diff)
-
WebCore/group/WebCore.mmp (modified) (1 diff)
-
WebKit/ChangeLog (modified) (1 diff)
-
WebKit/group/webkit.mmp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
S60/branches/3.1m/JavaScriptCore/ChangeLog
r19372 r19430 1 vbradley, reviewed by Yongjun. 2 DESC: Fixed the stack size and pcre stack overflow ALAA-6XSF7U 3 Limit the number recursions that are allowed in match(). 4 http://bugs.webkit.org/show_bug.cgi?id=12611 5 6 * group/JavaScriptCore.mmp: 7 * pcre/pcre.c: 8 (match): 9 1 10 yongjzha, Reviewed by zalan. 2 11 DESC: backport google.com/ig refreshing memory leak fix in <http://bugs.webkit.org/show_bug.cgi?id=10773> PPEN-6QYG7L -
S60/branches/3.1m/JavaScriptCore/group/JavaScriptCore.mmp
r14719 r19430 32 32 33 33 EPOCALLOWDLLDATA 34 // heap size 20K - 16M 34 35 EPOCHEAPSIZE 0x5000 0x1000000 36 // stack size 64K 37 epocstacksize 0x10000 35 38 36 39 #if defined(ARMCC) -
S60/branches/3.1m/JavaScriptCore/pcre/pcre.c
r14549 r19430 3649 3649 3650 3650 3651 #if NOKIA_CHANGES 3652 // Prototype match_internal() 3653 static BOOL 3654 match_internal(register const ichar *eptr, register const uschar *ecode, 3655 int offset_top, match_data *md, unsigned long int ims, 3656 eptrblock *eptrb, int flags); 3651 3657 3652 3658 /************************************************* … … 3673 3679 Returns: TRUE if matched 3674 3680 */ 3675 3676 3681 static BOOL 3677 3682 match(register const ichar *eptr, register const uschar *ecode, … … 3679 3684 int flags) 3680 3685 { 3686 static int matchcount = 0; 3687 static int matchcountMax = 0; 3688 BOOL err; 3689 3690 if ( matchcountMax >= 250 ) 3691 { 3692 return FALSE; 3693 } 3694 3695 ++matchcount; 3696 3697 if ( matchcountMax < matchcount ) 3698 { 3699 matchcountMax = matchcount; 3700 } 3701 3702 err = match_internal(eptr, ecode, offset_top, md, ims, eptrb, flags); 3703 3704 --matchcount; 3705 if ( matchcount <= 0 ) 3706 { 3707 matchcountMax = 0; 3708 } 3709 3710 return err; 3711 } 3712 #endif // end of NOKIA_CHANGES 3713 3714 /************************************************* 3715 * Match from current position * 3716 *************************************************/ 3717 3718 /* On entry ecode points to the first opcode, and eptr to the first character 3719 in the subject string, while eptrb holds the value of eptr at the start of the 3720 last bracketed group - used for breaking infinite loops matching zero-length 3721 strings. 3722 3723 Arguments: 3724 eptr pointer in subject 3725 ecode position in code 3726 offset_top current top pointer 3727 md pointer to "static" info for the match 3728 ims current /i, /m, and /s options 3729 eptrb pointer to chain of blocks containing eptr at start of 3730 brackets - for testing for empty matches 3731 flags can contain 3732 match_condassert - this is an assertion condition 3733 match_isgroup - this is the start of a bracketed group 3734 3735 Returns: TRUE if matched 3736 */ 3737 3738 #if NOKIA_CHANGES 3739 static BOOL 3740 match_internal(register const ichar *eptr, register const uschar *ecode, 3741 int offset_top, match_data *md, unsigned long int ims, eptrblock *eptrb, 3742 int flags) 3743 #else 3744 match(register const ichar *eptr, register const uschar *ecode, 3745 int offset_top, match_data *md, unsigned long int ims, eptrblock *eptrb, 3746 int flags) 3747 #endif 3748 { 3749 3681 3750 unsigned long int original_ims = ims; /* Save for resetting on ')' */ 3682 3751 eptrblock newptrb; … … 4532 4601 ichar c1 = *ecode++; 4533 4602 #endif 4534 4603 { 4535 4604 ichar c2 = *eptr++; 4536 4605 if (MAPCHAR(md->lcc, c1) != MAPCHAR(md->lcc, c2)) 4537 4606 return FALSE; 4538 4607 } 4539 4608 } 4540 4609 } 4541 4610 else … … 4623 4692 if (i >= max || eptr >= md->end_subject) 4624 4693 return FALSE; 4625 4694 { 4626 4695 ichar c2 = *eptr++; 4627 4696 if (c != MAPCHAR(md->lcc, c2)) 4628 4697 return FALSE; 4629 4698 } 4630 4699 } 4631 4700 /* Control never gets here */ … … 4683 4752 case OP_NOT: { 4684 4753 if (eptr >= md->end_subject) return FALSE; 4685 4754 { 4686 4755 #if PCRE_UTF16 4687 4756 int c = (ecode[1] << 8) | ecode[2]; … … 4701 4770 } 4702 4771 } 4703 4772 } 4704 4773 break; 4705 4774 … … 4776 4845 if (i >= max || eptr >= md->end_subject) 4777 4846 return FALSE; 4778 4847 { 4779 4848 ichar c2 = *eptr++; 4780 4849 if (c == MAPCHAR(md->lcc, c2)) 4781 4850 return FALSE; 4782 4851 } 4783 4852 } 4784 4853 /* Control never gets here */ -
S60/branches/3.1m/WebCore/ChangeLog
r19405 r19430 1 vbradley, reviewed by Yongjun. 2 DESC: Fixed the stack size and pcre stack overflow ALAA-6XSF7U 3 Limit the number recursions that are allowed in match(). 4 http://bugs.webkit.org/show_bug.cgi?id=12611 5 6 7 WARNING: NO TEST CASES ADDED OR CHANGED 8 9 * group/WebCore.mmp: 10 1 11 bujtas, Reviewed by yongjun. 2 12 DESC: browser is crashing if it is closed while a page is loading and closing and opening a new window crashes the browser as well TMCN-6XRQP2 -
S60/branches/3.1m/WebCore/group/WebCore.mmp
r14720 r19430 25 25 epocallowdlldata 26 26 VENDORID VID_DEFAULT 27 // stack size 64K 28 epocstacksize 0x10000 27 29 28 30 LANG SC -
S60/branches/3.1m/WebKit/ChangeLog
r19429 r19430 1 vbradley, reviewed by Yongjun. 2 DESC: Fixed the stack size and pcre stack overflow ALAA-6XSF7U 3 Limit the number recursions that are allowed in match(). 4 http://bugs.webkit.org/show_bug.cgi?id=12611 5 6 * group/webkit.mmp: 7 1 8 bujtas, reviewed by yongjun. 2 9 DESC: closing the window while the page is loading still crashes the browser TMCN-6XRQP2 -
S60/branches/3.1m/WebKit/group/webkit.mmp
r16325 r19430 53 53 CAPABILITY CAP_GENERAL_DLL 54 54 EPOCALLOWDLLDATA 55 // stack size 64K 56 epocstacksize 0x10000 55 57 56 58 MACRO __OOM__
Note: See TracChangeset
for help on using the changeset viewer.
