Changeset 43962 in webkit for trunk/JavaScriptCore/runtime


Timestamp:
May 21, 2009, 1:41:29 AM (16 years ago)
Author:
[email protected]
Message:

2009-05-21 Cameron Zwarich <[email protected]>

Reviewed by Maciej Stachowiak.

Bug 25912: Harden NumberPrototype.cpp by removing use of strcpy()
<https://bugs.webkit.org/show_bug.cgi?id=25912>

This causes no change on SunSpider.

  • runtime/NumberPrototype.cpp:
    (JSC::integerPartNoExp): replace strcpy() with memcpy(), ASSERT that the temporary buffer has sufficient space to store the result, and move the explicit null-termination closer to the memcpy() for easier visual inspection of the code.
    (JSC::fractionalPartToString): replace strcpy() with memcpy(), and ASSERT that the temporary buffer has sufficient space to store the result. There is no explicit null-termination because this is done by the caller. The same is already true for exponentialPartToString().
    (JSC::numberProtoFuncToExponential): replace strcpy() with memcpy(), explicitly null-terminate the result, and ASSERT that the temporary buffer has sufficient space to store the result.
File:
1 edited

  • trunk/JavaScriptCore/runtime/NumberPrototype.cpp

    r43457 r43962  
    8383
    8484        if (static_cast<int>(length) <= decimalPoint) {
    85             strcpy(buf.data(), result);
     85            ASSERT(decimalPoint < 1024);
     86            memcpy(buf.data(), result, length);
    8687            memset(buf.data() + length, '0', decimalPoint - length);
    8788        } else
    8889            strncpy(buf.data(), result, decimalPoint);
    89 
    9090        buf[decimalPoint] = '\0';
     91
    9192        str.append(buf.data());
    9293    }
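Review bot: The new ASSERT(decimalPoint < 1024) sits inside the if branch only, but the else branch's strncpy(buf.data(), result, decimalPoint) and the shared buf[decimalPoint] = '\0' write after it depend on the same bound. Hoist the assertion above the if so both paths are covered. The literal 1024 also repeats a buffer size that is declared outside the visible lines; expressing the limit in terms of the buffer's own size would keep the check from drifting if the allocation changes.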
     
    278279            i += fractionalDigits;
    279280        } else {
    280             strcpy(buf + i, result + 1);
     281            ASSERT(i + resultLength - 1 < 80);
     282            memcpy(buf + i, result + 1, resultLength - 1);
    281283            i += static_cast<int>(resultLength) - 1;
    282284        }
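Review bot: The memcpy(buf + i, result + 1, resultLength - 1) leaves buf unterminated where the old strcpy() terminated it implicitly, and nothing at this site says that the caller writes the terminator. Add a one-line comment to that effect next to the memcpy(). The bound in ASSERT(i + resultLength - 1 < 80) is a bare literal applied to a pointer whose capacity is not visible in this hunk; passing the capacity in, or sharing a named constant with the caller, would tie the check to the real buffer. The cast in static_cast<int>(resultLength) on the following line suggests resultLength is unsigned, so it is also worth asserting that it is at least 1 before computing resultLength - 1.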
     
    355357        buf[i++] = '-';
    356358
    357     if (decimalPoint == 999) // ? 9999 is the magical "result is Inf or NaN" value.  what's 999??
    358         strcpy(buf + i, result);
    359     else {
     359    // ? 9999 is the magical "result is Inf or NaN" value.  what's 999??
     360    if (decimalPoint == 999) {
     361        ASSERT(i + resultLength < 80);
     362        memcpy(buf + i, result, resultLength);
     363        buf[i + resultLength] = '\0';
     364    } else {
    360365        buf[i++] = result[0];
    361366
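Review bot: In the decimalPoint == 999 branch, ASSERT(i + resultLength < 80) is the only thing bounding the memcpy() and the buf[i + resultLength] = '\0' write, and if ASSERT compiles out in release builds, as debug assertion macros usually do, the copy is unchecked there. For a hardening change, consider a check that survives in release builds, or clamp the copy length to the space remaining in buf. The relocated comment still asks "what's 999??" against a stated sentinel of 9999; answering that question or giving the value a named constant would make the condition reviewable.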