Changeset 42662 in webkit
Timestamp:
Apr 19, 2009 3:54:39 PM (15 years ago)
Author:
weinig@apple.com
Message:

2009-04-19 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

Better fix for JSStringCreateWithCFString hardening.

  • API/JSStringRefCF.cpp: (JSStringCreateWithCFString):
Location:
trunk/JavaScriptCore
Files:
2 edited

  • trunk/JavaScriptCore/API/JSStringRefCF.cpp

    r42659 r42662  
    3838{
    3939    JSC::initializeThreading();
    40     CFIndex length = CFStringGetLength(string);
    41     if (length < 0)
    42         CRASH():
     40
     41    // We cannot use CFIndex here since CFStringGetLength can return values larger than
     42    // it can hold.  (<rdar://problem/6806478>)
     43    size_t length = CFStringGetLength(string);
    4344    if (length) {
    4445        OwnArrayPtr<UniChar> buffer(new UniChar[length]);
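Review bot: the new comment on lines 41-42 is self-contradictory and should be reworded: `CFStringGetLength` returns a `CFIndex`, so it cannot return a value "larger than it can hold"; what the change actually does is store the signed `CFIndex` result in an unsigned `size_t`, so a negative value (which the removed `if (length < 0) CRASH()` check used to trap) now silently becomes a very large `size_t` that flows into `new UniChar[length]` on line 45. If the intent is that the allocation fails instead of the old explicit crash, say so in the comment; otherwise consider keeping an explicit bounds check (for example that `length` does not exceed `SIZE_MAX / sizeof(UniChar)` before the `new`) rather than relying on the allocator. Also worth noting that the removed line reads `CRASH():` with a trailing colon rather than a semicolon, so the earlier hardening as shown here would not have compiled as written; confirm whether that is a rendering artifact of the changeset viewer or the real reason for this follow-up fix.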
  • trunk/JavaScriptCore/ChangeLog

    r42659 r42662  
     12009-04-19  Sam Weinig  <sam@webkit.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        Better fix for JSStringCreateWithCFString hardening.
     6
     7        * API/JSStringRefCF.cpp:
     8        (JSStringCreateWithCFString):
     9
    1102009-04-19  Sam Weinig  <sam@webkit.org>
    211
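Review bot: the ChangeLog entry on lines 1-9 says only "Better fix for JSStringCreateWithCFString hardening" without describing what changed; the entry should state that `length` moved from `CFIndex` to `size_t`, that the explicit `if (length < 0) CRASH()` check was removed, and should carry the `<rdar://problem/6806478>` reference that the code comment cites, so that a reader of the log can tell what the previous hardening was and why this replaces it.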