Timestamp:
Apr 24, 2010, 10:00:38 PM (15 years ago)
Author:
Darin Adler
Message:

2010-04-24 Darin Adler <Darin Adler>

Reviewed by Dan Bernstein.

REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
https://bugs.webkit.org/show_bug.cgi?id=38083
rdar://problem/7901044

Tests: fast/js/ToNumber.html
       fast/js/parseFloat.html

  • runtime/JSGlobalObjectFunctions.cpp: (JSC::parseInt): Added a FIXME comment about a problem I noticed. (JSC::parseFloat): Added a FIXME comment about a problem I noticed; covered by test cases in the test I added.
  • runtime/UString.cpp: (JSC::UString::toDouble): Added FIXME comments about two problems I noticed; covered by test cases in the tests I added. Added a return statement so we don't crash when illegal UTF-16 sequences are present.

2010-04-24 Darin Adler <Darin Adler>

Reviewed by Dan Bernstein.

REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
https://bugs.webkit.org/show_bug.cgi?id=38083
rdar://problem/7901044

  • fast/js/parseFloat-expected.txt: Added.
  • fast/js/parseFloat.html: Added.
  • fast/js/script-tests/parseFloat.js: Added.
  • fast/js/ToNumber-expected.txt: Added.
  • fast/js/ToNumber.html: Added.
  • fast/js/script-tests/ToNumber.js: Added.
File:
1 edited

  • trunk/JavaScriptCore/runtime/UString.cpp

    r58001 r58224  
    255255    }
    256256
     257    // FIXME: If tolerateTrailingJunk is true, then we want to tolerate junk
     258    // after the number, even if it contains invalid UTF-16 sequences. So we
     259    // shouldn't use the UTF8String function, which returns null when it
     260    // encounters invalid UTF-16. Further, we have no need to convert the
     261    // non-ASCII characters to UTF-8, so the UTF8String does quite a bit of
     262    // unnecessary work.
    257263    CString s = UTF8String();
     264    if (s.isNull())
     265        return NaN;
    258266    const char* c = s.data();
    259267
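Review bot: The `if (s.isNull()) return NaN;` added at new lines 264-265 returns before `tolerateTrailingJunk` is consulted, so a caller that asked for tolerant parsing gets NaN for a string whose numeric prefix is valid and only the trailing part contains an invalid UTF-16 sequence. The FIXME above it already describes this; since the change stops the crash but leaves that result wrong, the FIXME should cite a follow-up bug, and the follow-up should parse from the UTF-16 data directly instead of going through `UTF8String()`, which the comment notes also does unnecessary conversion work.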
     
    319327        c++;
    320328    // don't allow anything after - unless tolerant=true
     329    // FIXME: If string contains a U+0000 character, then this check is incorrect.
    321330    if (!tolerateTrailingJunk && *c != '\0')
    322331        d = NaN;
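Review bot: The FIXME at new line 329 flags `*c != '\0'` as incorrect for strings containing U+0000 but does not say how it fails or point to a bug. Because the check treats the first NUL byte as end of input, with `tolerateTrailingJunk` false anything after an embedded U+0000 is never examined and `d` is not set to NaN. Suggest spelling that out in the comment and, in the follow-up, comparing `c` against the end of the converted string (its start plus its length) rather than testing for a terminator.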