Changeset 65031 in webkit

Timestamp: Aug 9, 2010 6:47:42 PM
Author: eric@webkit.org
Message:

2010-08-09 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Remove error-prone external SegmentedSubstring constructor
https://bugs.webkit.org/show_bug.cgi?id=43752

There's a lot of code that assumes that SegmentedString takes ownership
of its substrings. For example, when the HTML parser pauses and
resumes asynchronously, it could explode if SegmentedString didn't own
its substrings.

Prior to this patch, there was a constructor that let
SegmentedSubstring use an external string buffer. It turns out it was
only used in a handful of places, but I'd rather pay the memcpy of
these small strings than risk having them used after free.

  • bindings/js/JSHTMLDocumentCustom.cpp:
    (WebCore::documentWrite):
  • html/LegacyHTMLDocumentParser.cpp:
    (WebCore::LegacyHTMLDocumentParser::parseNonHTMLText):
    (WebCore::LegacyHTMLDocumentParser::scriptHandler):
    (WebCore::LegacyHTMLDocumentParser::parseComment):
  • platform/text/SegmentedString.h:
    (WebCore::SegmentedString::SegmentedString):
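As an added illustration, not part of this changeset and not WebCore code, of why the message above is willing to pay a memcpy: a substring that borrows a producer's buffer reflects whatever the producer later writes into that storage, while a substring that copies does not. The types BorrowedSubstring, OwnedSubstring and ScriptBuffer are hypothetical stand-ins shaped after the removed and retained constructors; the buffer reuse is done in place so the program stays well-defined while still showing the aliasing problem.

```cpp
// Added illustration, not WebKit code. It models the ownership difference the
// changeset is about: a substring that borrows the producer's buffer versus one
// that copies it. All names here (BorrowedSubstring, OwnedSubstring,
// ScriptBuffer) are hypothetical stand-ins, not WebCore types.
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

typedef char16_t UChar; // stand-in for WebCore's UChar (16-bit code unit)

// Borrowed: keeps a raw pointer into storage it does not own. This is the
// shape of the constructor the patch removes.
struct BorrowedSubstring {
    const UChar* m_current;
    std::size_t m_length;
    BorrowedSubstring(const UChar* str, std::size_t length)
        : m_current(length == 0 ? nullptr : str), m_length(length) {}
    std::u16string text() const
    {
        return m_length ? std::u16string(m_current, m_length) : std::u16string();
    }
};

// Owned: copies the characters at construction, like wrapping the buffer in a
// String first. Its contents no longer depend on what the producer does next.
struct OwnedSubstring {
    std::u16string m_storage;
    OwnedSubstring(const UChar* str, std::size_t length) : m_storage(str, length) {}
    std::u16string text() const { return m_storage; }
};

// A producer that, like a parser's script-code buffer, rewrites its storage in
// place after handing out a substring (e.g. when tokenizing resumes later).
// Capacity is reserved up front so the rewrite never reallocates; reading a
// borrowed pointer after a reallocation would be undefined behaviour, and the
// point here is to show the aliasing hazard with well-defined code.
struct ScriptBuffer {
    std::vector<UChar> m_data;
    ScriptBuffer() { m_data.reserve(64); }
    void fill(const char* ascii)
    {
        m_data.clear();
        for (std::size_t i = 0, n = std::strlen(ascii); i < n; ++i)
            m_data.push_back(static_cast<UChar>(ascii[i]));
    }
    const UChar* chars() const { return m_data.data(); }
    std::size_t size() const { return m_data.size(); }
};

// What a borrowed substring observes once the producer has reused its buffer:
// the new text, because the substring merely aliases the storage.
std::u16string observeBorrowed()
{
    ScriptBuffer buffer;
    buffer.fill("var x=1;");
    BorrowedSubstring sub(buffer.chars(), buffer.size());
    buffer.fill("var y=2;"); // producer reuses its buffer, as a paused parser would
    return sub.text();       // "var y=2;": silently changed under the substring
}

// The owned substring keeps the text it was given, whatever the producer does.
std::u16string observeOwned()
{
    ScriptBuffer buffer;
    buffer.fill("var x=1;");
    OwnedSubstring sub(buffer.chars(), buffer.size());
    buffer.fill("var y=2;");
    return sub.text();       // still "var x=1;"
}

int main()
{
    // Exit status 0 when the two views diverge, which is the point of the demo.
    return observeBorrowed() == observeOwned() ? 1 : 0;
}
```

In the real parser the reuse happens across tokenizer re-entry rather than in a straight-line function, and the old storage can be freed rather than overwritten, which is why the changeset describes the risk as a use after free; the in-place rewrite here is the well-defined version of the same lifetime mismatch.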
Location:
trunk/WebCore
Files:
4 edited

  • trunk/WebCore/ChangeLog

    r65030 r65031  
     12010-08-09  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Remove error-prone external SegementedSubstring contructor
     6        https://bugs.webkit.org/show_bug.cgi?id=43752
     7
     8        There's a lot of code that assumes that SegmentedString takes ownership
     9        of its substrings.  For example, when the HTML parser pauses and
     10        resumes asynchronously, it could explode if SegmentedString didn't own
     11        its substrings.
     12
     13        Prior to this patch, there was a constructor that let
     14        SegmentedSubstring use an external string buffer.  It turns out it was
     15        only used in a handful of places, but I'd rather pay the memcpy of
     16        these small strings than risk having them used after free.
     17
     18        * bindings/js/JSHTMLDocumentCustom.cpp:
     19        (WebCore::documentWrite):
     20        * html/LegacyHTMLDocumentParser.cpp:
     21        (WebCore::LegacyHTMLDocumentParser::parseNonHTMLText):
     22        (WebCore::LegacyHTMLDocumentParser::scriptHandler):
     23        (WebCore::LegacyHTMLDocumentParser::parseComment):
     24        * platform/text/SegmentedString.h:
     25        (WebCore::SegmentedString::SegmentedString):
     26
    1272010-08-09  Gavin Barraclough  <barraclough@apple.com>
    228
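Review bot: the ChangeLog entry at line 5 carries the same typos as the commit title, "SegementedSubstring contructor" for "SegmentedSubstring constructor"; worth fixing before landing, since ChangeLog text is what later readers search. The rationale paragraph is good as written: it names the concrete failure mode (the parser pausing and resuming asynchronously while a SegmentedString still points at a buffer its owner has reused), which is what justifies accepting the extra copy.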
  • trunk/WebCore/bindings/js/JSHTMLDocumentCustom.cpp

    r61057 r65031  
    151151    }
    152152    if (addNewline)
    153         segmentedString.append(SegmentedString(&newlineCharacter, 1));
     153        segmentedString.append(SegmentedString(String(&newlineCharacter, 1)));
    154154
    155155    Document* activeDocument = asJSDOMWindow(exec->lexicalGlobalObject())->impl()->document();
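Review bot: `SegmentedString(String(&newlineCharacter, 1))` now allocates a one-character String on every document.write call that needs a trailing newline, whereas the old form aliased `newlineCharacter` directly. That is the intended trade (owning copy over borrowed pointer), and for a single static character the old alias was never going to dangle, so if this shows up in write-heavy pages a function-local static `String` for the newline would avoid the per-call allocation; otherwise fine as is.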
  • trunk/WebCore/html/LegacyHTMLDocumentParser.cpp

    r62302 r65031  
    347347                state = scriptHandler(state);
    348348            else {
    349                 state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize), state);
     349                state = processListing(SegmentedString(String(m_scriptCode, m_scriptCodeSize)), state);
    350350                processToken();
    351351                if (state.inStyle()) {
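Review bot: this is the first of three identical call sites in this file that wrap `m_scriptCode`/`m_scriptCodeSize` in `String(...)` before building a `SegmentedString`; a small private helper on the parser would keep the three in sync and make it clear that the copy is deliberate, since the member buffer is reused across tokenizer re-entry, which is exactly the case where a borrowed pointer would dangle.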
     
    452452    }
    453453
    454     state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize), state);
     454    state = processListing(SegmentedString(String(m_scriptCode, m_scriptCodeSize)), state);
    455455    RefPtr<Node> node = processToken();
    456456
     
    626626                    m_currentToken.tagName = commentAtom;
    627627                    m_currentToken.beginTag = true;
    628                     state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize - endCharsCount), state);
     628                    state = processListing(SegmentedString(String(m_scriptCode, m_scriptCodeSize - endCharsCount)), state);
    629629                    processToken();
    630630                    m_currentToken.tagName = commentAtom;
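Review bot: in `String(m_scriptCode, m_scriptCodeSize - endCharsCount)` the length parameter of WTF::String's `(const UChar*, unsigned)` constructor is unsigned, while the removed SegmentedSubstring constructor took an `int`. If `endCharsCount` ever exceeds `m_scriptCodeSize`, the subtraction now wraps to a huge length and the copy reads far past the buffer instead of producing a negative length; an `ASSERT(endCharsCount <= m_scriptCodeSize)` immediately before this line would make that invariant explicit.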
  • trunk/WebCore/platform/text/SegmentedString.h

    r62172 r65031  
    3939    }
    4040
    41     SegmentedSubstring(const UChar* str, int length) : m_length(length), m_current(length == 0 ? 0 : str), m_doNotExcludeLineNumbers(true) {}
    42 
    4341    void clear() { m_length = 0; m_current = 0; }
    4442   
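Review bot: the removed constructor was the one that initialised `m_doNotExcludeLineNumbers(true)` for the raw-pointer path; the String-taking SegmentedSubstring constructor that the converted callers now reach is not in this hunk, so please confirm it sets that member to the same value, otherwise line-number bookkeeping changes for the document.write and script/comment listing paths.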
     
    7371    SegmentedString()
    7472        : m_pushedChar1(0), m_pushedChar2(0), m_currentChar(0), m_composite(false), m_closed(false) {}
    75     SegmentedString(const UChar* str, int length) : m_pushedChar1(0), m_pushedChar2(0)
    76         , m_currentString(str, length), m_currentChar(m_currentString.m_current), m_composite(false), m_closed(false) {}
    7773    SegmentedString(const String& str)
    7874        : m_pushedChar1(0), m_pushedChar2(0), m_currentString(str)
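Review bot: removing `SegmentedString(const UChar*, int)` is the right shape for this fix, because any call site the patch missed fails to compile rather than silently taking another overload: the surviving `SegmentedString(const String&)` is single-argument, so a two-argument pointer/length call cannot convert to it. The hunk ends before the rest of that constructor's initialiser list; the removed one set `m_currentChar` from `m_currentString.m_current`, so it is worth a glance that the surviving one does the same for the String path.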