Timestamp:
Jan 26, 2007, 6:31:28 PM (18 years ago)
Author:
aliceli1
Message:

JavaScriptCore:

Reviewed by Maciej.


Fix for Repeated string concatenation results in OOM crash
http://bugs.webkit.org/show_bug.cgi?id=11131

  • kjs/operations.cpp: (KJS::add): Throw exception if string addition result is null
  • kjs/ustring.cpp: (KJS::UString::UString): Don't call memcpy when malloc failed

LayoutTests:

Reviewed by Maciej.


Test for "Repeated string concatenation results in OOM crash"
http://bugs.webkit.org/show_bug.cgi?id=11131

  • fast/js/resources/string-concatenate-outofmemory.js: Added.
  • fast/js/string-concatenate-outofmemory-expected.txt: Added.
  • fast/js/string-concatenate-outofmemory.html: Added.
File:
1 edited

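--- a/trunk/JavaScriptCore/kjs/ustring.cpp
+++ b/trunk/JavaScriptCore/kjs/ustring.cpp
@@ -434,6 +434,9 @@
     UString x(a);
     x.expandCapacity(aOffset + length);
-    memcpy(const_cast<UChar *>(a.data() + aSize), b.data(), bSize * sizeof(UChar));
-    m_rep = Rep::create(a.m_rep, 0, length);
+    if (a.data()) {
+        memcpy(const_cast<UChar *>(a.data() + aSize), b.data(), bSize * sizeof(UChar));
+        m_rep = Rep::create(a.m_rep, 0, length);
+    } else
+        m_rep = &Rep::null;
   } else if (-bOffset == b.usedPreCapacity() && 4 * bSize >= aSize) {
     // - b reaches the beginning of its buffer so it qualifies for shared prepend
@@ -442,14 +445,20 @@
     UString y(b);
     y.expandPreCapacity(-bOffset + aSize);
-    memcpy(const_cast<UChar *>(b.data() - aSize), a.data(), aSize * sizeof(UChar));
-    m_rep = Rep::create(b.m_rep, -aSize, length);
+    if (b.data()) {
+        memcpy(const_cast<UChar *>(b.data() - aSize), a.data(), aSize * sizeof(UChar));
+        m_rep = Rep::create(b.m_rep, -aSize, length);
+    } else
+        m_rep = &Rep::null;
   } else {
     // a does not qualify for append, and b does not qualify for prepend, gotta make a whole new string
     int newCapacity = expandedSize(length, 0);
     UChar *d = static_cast<UChar *>(fastMalloc(sizeof(UChar) * newCapacity));
-    memcpy(d, a.data(), aSize * sizeof(UChar));
-    memcpy(d + aSize, b.data(), bSize * sizeof(UChar));
-    m_rep = Rep::create(d, length);
-    m_rep->capacity = newCapacity;
+    if (d) {
+        memcpy(d, a.data(), aSize * sizeof(UChar));
+        memcpy(d + aSize, b.data(), bSize * sizeof(UChar));
+        m_rep = Rep::create(d, length);
+        m_rep->capacity = newCapacity;
+    } else
+        m_rep = &Rep::null;
   }
 }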
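Review bot: The guards in the append and prepend branches test `a.data()` and `b.data()` after `x.expandCapacity(...)` and `y.expandPreCapacity(...)`, so they catch a failed allocation only if those helpers leave `data()` returning null. Neither helper is visible in this section; if `data()` is computed as buffer plus an offset, a failed allocation with a non-zero offset would presumably pass the check and still reach `memcpy`. Having the expand helpers report failure and branching on that would be a more direct signal; failing that, a comment such as `// relies on expandCapacity() leaving data() null when the allocation fails` would document the dependency, once it is confirmed. The third branch tests `d` directly, which is sound, but `sizeof(UChar) * newCapacity` is still derived from an `int` whose computation from `length` lies above the first hunk, so very long concatenations may need an overflow check before `fastMalloc`. The constructor body starts outside the section.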