Changeset 42644 in webkit for trunk/JavaScriptCore/runtime/UString.cpp
- Timestamp:
- Apr 18, 2009, 4:50:03 PM (16 years ago)
- File:
-
- 1 edited
-
trunk/JavaScriptCore/runtime/UString.cpp (modified) (9 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JavaScriptCore/runtime/UString.cpp
r42282 r42644 511 511 } else if (rep == base && !base->isShared()) { 512 512 // this is direct and has refcount of 1 (so we can just alter it directly) 513 if (!expandCapacity(rep.get(), thisOffset + length)) 513 int newCapacity = thisOffset + length; 514 if (newCapacity < thisOffset) 515 CRASH(); 516 if (!expandCapacity(rep.get(), newCapacity)) 514 517 rep = &UString::Rep::null(); 515 518 if (rep->data()) { … … 520 523 } else if (thisOffset + thisSize == base->usedCapacity && thisSize >= minShareSize) { 521 524 // this reaches the end of the buffer - extend it if it's long enough to append to 522 if (!expandCapacity(rep.get(), thisOffset + length)) 525 int newCapacity = thisOffset + length; 526 if (newCapacity < thisOffset) 527 CRASH(); 528 if (!expandCapacity(rep.get(), newCapacity)) 523 529 rep = &UString::Rep::null(); 524 530 if (rep->data()) { … … 565 571 } else if (rep == base && !base->isShared()) { 566 572 // this is direct and has refcount of 1 (so we can just alter it directly) 567 expandCapacity(rep.get(), thisOffset + length); 573 int newCapacity = thisOffset + length; 574 if (newCapacity < thisOffset) 575 CRASH(); 576 expandCapacity(rep.get(), newCapacity); 568 577 UChar* d = rep->data(); 569 578 if (d) { … … 575 584 } else if (thisOffset + thisSize == base->usedCapacity && thisSize >= minShareSize) { 576 585 // this string reaches the end of the buffer - extend it 577 expandCapacity(rep.get(), thisOffset + length); 586 int newCapacity = thisOffset + length; 587 if (newCapacity < thisOffset) 588 CRASH(); 589 expandCapacity(rep.get(), newCapacity); 578 590 UChar* d = rep->data(); 579 591 if (d) { … … 637 649 // string does more harm than good 638 650 // - however, if b qualifies for prepend and is longer than a, we'd rather prepend 651 639 652 UString x(a); 640 x.expandCapacity(aOffset + length); 653 int capacity = aOffset + length; 654 if (capacity < aOffset) 655 CRASH(); 656 x.expandCapacity(capacity); 641 657 if (!a->data() || !x.data()) 642 658 return 0; … … 988 1004 } else if (m_rep == base && !base->isShared()) { 989 1005 // this is direct and has refcount of 1 (so we can just alter it directly) 990 expandCapacity(thisOffset + length); 1006 int newCapacity = thisOffset + length; 1007 if (newCapacity < thisOffset) 1008 CRASH(); 1009 expandCapacity(newCapacity); 991 1010 if (data()) { 992 1011 copyChars(m_rep->data() + thisSize, t.data(), tSize); … … 996 1015 } else if (thisOffset + thisSize == base->usedCapacity && thisSize >= minShareSize) { 997 1016 // this reaches the end of the buffer - extend it if it's long enough to append to 998 expandCapacity(thisOffset + length); 1017 int newCapacity = thisOffset + length; 1018 if (newCapacity < thisOffset) 1019 CRASH(); 1020 expandCapacity(newCapacity); 999 1021 if (data()) { 1000 1022 copyChars(m_rep->data() + thisSize, t.data(), tSize); … … 1055 1077 } else if (m_rep == base && !base->isShared()) { 1056 1078 // this is direct and has refcount of 1 (so we can just alter it directly) 1057 expandCapacity(thisOffset + length + 1); 1079 int newCapacity = thisOffset + length + 1; 1080 if (newCapacity < thisOffset) 1081 CRASH(); 1082 expandCapacity(newCapacity); 1058 1083 UChar* d = m_rep->data(); 1059 1084 if (d) { … … 1064 1089 } else if (thisOffset + length == base->usedCapacity && length >= minShareSize) { 1065 1090 // this reaches the end of the string - extend it and share 1066 expandCapacity(thisOffset + length + 1); 1091 int newCapacity = thisOffset + length + 1; 1092 if (newCapacity < thisOffset) 1093 CRASH(); 1094 expandCapacity(newCapacity); 1067 1095 UChar* d = m_rep->data(); 1068 1096 if (d) {
Note:
See TracChangeset
for help on using the changeset viewer.
