Changeset 58224 in webkit
- Timestamp: Apr 24, 2010 10:00:38 PM (14 years ago)
- Location: trunk
- Files: 6 added, 4 edited
trunk/JavaScriptCore/ChangeLog
r58220 r58224 1 2010-04-24 Darin Adler <darin@apple.com> 2 3 Reviewed by Dan Bernstein. 4 5 REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data 6 https://bugs.webkit.org/show_bug.cgi?id=38083 7 rdar://problem/7901044 8 9 Tests: fast/js/ToNumber.html 10 fast/js/parseFloat.html 11 12 * runtime/JSGlobalObjectFunctions.cpp: 13 (JSC::parseInt): Added a FIXME comment about a problem I noticed. 14 (JSC::parseFloat): Added a FIXME comment about a problem I noticed; 15 covered by test cases in the test I added. 16 * runtime/UString.cpp: 17 (JSC::UString::toDouble): Added FIXME comments about two problem I 18 noticed; covered by test cases in the tests I added. Added a return 19 statement so we don't crash when illegal UTF-16 sequences are present. 20 1 21 2010-04-24 Anton Muhin <antonm@chromium.org> 2 22 -
trunk/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
r56560 r58224 242 242 243 243 if (number >= mantissaOverflowLowerBound) { 244 // FIXME: It is incorrect to use UString::ascii() here because it's not thread-safe. 244 245 if (radix == 10) 245 246 number = WTF::strtod(s.substr(firstDigitPosition, p - firstDigitPosition).ascii(), 0); … … 270 271 return 0; 271 272 273 // FIXME: UString::toDouble will ignore leading ASCII spaces, but we need to ignore 274 // other StrWhiteSpaceChar values as well. 272 275 return s.toDouble(true /*tolerant*/, false /* NaN for empty string */); 273 276 } -
trunk/JavaScriptCore/runtime/UString.cpp
r58001 r58224 255 255 } 256 256 257 // FIXME: If tolerateTrailingJunk is true, then we want to tolerate junk 258 // after the number, even if it contains invalid UTF-16 sequences. So we 259 // shouldn't use the UTF8String function, which returns null when it 260 // encounters invalid UTF-16. Further, we have no need to convert the 261 // non-ASCII characters to UTF-8, so the UTF8String does quite a bit of 262 // unnecessary work. 257 263 CString s = UTF8String(); 264 if (s.isNull()) 265 return NaN; 258 266 const char* c = s.data(); 259 267 … … 319 327 c++; 320 328 // don't allow anything after - unless tolerant=true 329 // FIXME: If string contains a U+0000 character, then this check is incorrect. 321 330 if (!tolerateTrailingJunk && *c != '\0') 322 331 d = NaN; -
trunk/LayoutTests/ChangeLog
r58223 r58224 1 2010-04-24 Darin Adler <darin@apple.com> 2 3 Reviewed by Dan Bernstein. 4 5 REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data 6 https://bugs.webkit.org/show_bug.cgi?id=38083 7 rdar://problem/7901044 8 9 * fast/js/parseFloat-expected.txt: Added. 10 * fast/js/parseFloat.html: Added. 11 * fast/js/script-tests/parseFloat.js: Added. 12 13 * fast/js/ToNumber-expected.txt: Added. 14 * fast/js/ToNumber.html: Added. 15 * fast/js/script-tests/ToNumber.js: Added. 16 1 17 2010-04-24 Dan Bernstein <mitz@apple.com> 2 18
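Review bot: In JSGlobalObjectFunctions.cpp, both new FIXME comments record known defects without a bug URL, so nothing tracks them: the one on `UString::ascii()` in the `number >= mantissaOverflowLowerBound` branch of parseInt, and the one above `return s.toDouble(true /*tolerant*/, false /* NaN for empty string */);` in parseFloat. Suggest filing a bug for each and citing it in the comment. The parseFloat comment describes a behaviour gap (leading StrWhiteSpaceChar values other than ASCII spaces are not skipped), so skipping them in `s` before the toDouble call would close it at this call site.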
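Review bot: In the first UString.cpp hunk, the new `if (s.isNull()) return NaN;` guard fires regardless of tolerateTrailingJunk, so a tolerant caller such as parseFloat gets NaN for a string whose numeric prefix is valid but whose tail contains an invalid UTF-16 sequence. The guard is right as a crash fix, since `s.data()` is used immediately afterwards, but the FIXME above it already names the real remedy. Suggest scanning the UTF-16 buffer directly for the ASCII numeric prefix and dropping the UTF8String() conversion, or at least linking a tracking bug in the FIXME so the NaN result is not mistaken for intended behaviour.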
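Review bot: In the second UString.cpp hunk, the check `if (!tolerateTrailingJunk && *c != '\0')` is left as it was while the new FIXME says it is incorrect for strings containing U+0000: an embedded NUL reads as the terminator, so the strict path cannot tell it apart from the end of the string. Suggest comparing `c` against the end of the converted buffer (data pointer plus length) instead of testing for a NUL byte, and adding a bug reference to the FIXME until that lands.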