Changeset 2304 in webkit for trunk/JavaScriptCore

Timestamp:

Oct 10, 2002, 9:07:07 PM (23 years ago)

Author:

darin

Message:

• fixed 3072643 -- infinite loop in JavaScript code at walgreens.com

The problem is that "xxx".indexOf("", 1) needs to return 1, but we
were returning 0.

• kjs/ustring.cpp: (UString::find): Return pos, not 0, when the search string is empty. (UString::rfind): Make sure that pos is not past the end of the string, taking into account the search string; fixes a potential read off the end of the buffer. Also return pos, not 0, when the search string is empty.

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• ChangeLog-2002-12-03 (modified) (1 diff)
• ChangeLog-2003-10-25 (modified) (1 diff)
• kjs/ustring.cpp (modified) (2 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2002-10-10  Darin Adler  <[email protected]>
+
+        - fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
+
+        The problem is that "xxx".indexOf("", 1) needs to return 1, but we
+        were returning 0.
+
+        * kjs/ustring.cpp:
+        (UString::find): Return pos, not 0, when the search string is empty.
+        (UString::rfind): Make sure that pos is not past the end of the string,
+        taking into account the search string; fixes a potential read off the end
+        of the buffer. Also return pos, not 0, when the search string is empty.
+
 === Alexander-27 ===
 

trunk/JavaScriptCore/ChangeLog-2002-12-03

@@ +1 @@
+2002-10-10  Darin Adler  <[email protected]>
+
+        - fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
+
+        The problem is that "xxx".indexOf("", 1) needs to return 1, but we
+        were returning 0.
+
+        * kjs/ustring.cpp:
+        (UString::find): Return pos, not 0, when the search string is empty.
+        (UString::rfind): Make sure that pos is not past the end of the string,
+        taking into account the search string; fixes a potential read off the end
+        of the buffer. Also return pos, not 0, when the search string is empty.
+
 === Alexander-27 ===
 

trunk/JavaScriptCore/ChangeLog-2003-10-25

@@ +1 @@
+2002-10-10  Darin Adler  <[email protected]>
+
+        - fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
+
+        The problem is that "xxx".indexOf("", 1) needs to return 1, but we
+        were returning 0.
+
+        * kjs/ustring.cpp:
+        (UString::find): Return pos, not 0, when the search string is empty.
+        (UString::rfind): Make sure that pos is not past the end of the string,
+        taking into account the search string; fixes a potential read off the end
+        of the buffer. Also return pos, not 0, when the search string is empty.
+
 === Alexander-27 ===
 

trunk/JavaScriptCore/kjs/ustring.cpp

@@ -492 +492 @@
   if (sz < fsz)
     return -1;
-  if (fsz == 0)
-    return 0;
   if (pos < 0)
     pos = 0;
+  if (fsz == 0)
+    return pos;
   const UChar *end = data() + sz - fsz;
   long fsizeminusone = (fsz - 1) * sizeof(UChar);
@@ -524 +524 @@
   if (sz < fsz)
     return -1;
-  if (fsz == 0)
-    return 0;
   if (pos < 0)
     pos = 0;
+  if (pos > sz - fsz)
+    pos = sz - fsz;
+  if (fsz == 0)
+    return pos;
   long fsizeminusone = (fsz - 1) * sizeof(UChar);
   const UChar *fdata = f.data();