Changeset 65493 in webkit for trunk/JavaScriptCore

Timestamp:

Aug 17, 2010, 4:54:39 AM (15 years ago)

Author:

[email protected]

Message:

2010-08-17 Yuta Kitamura <​[email protected]>

Reviewed by Shinichiro Hamaji.

Avoid uninitialized memory read in StringImpl::find().

REGRESSION(r65468): Crashes in StringImpl::find
​https://bugs.webkit.org/show_bug.cgi?id=44099

• wtf/text/StringImpl.cpp: (WTF::StringImpl::find):

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• wtf/text/StringImpl.cpp (modified) (2 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2010-08-17  Yuta Kitamura  <[email protected]>
+
+        Reviewed by Shinichiro Hamaji.
+
+        Avoid uninitialized memory read in StringImpl::find().
+
+        REGRESSION(r65468): Crashes in StringImpl::find
+        https://bugs.webkit.org/show_bug.cgi?id=44099
+
+        * wtf/text/StringImpl.cpp:
+        (WTF::StringImpl::find):
+
 2010-08-16  Gavin Barraclough  <[email protected]>
 

trunk/JavaScriptCore/wtf/text/StringImpl.cpp

@@ -543 +543 @@
     }
 
-    for (unsigned i = 0; i <= delta; ++i) {
+    for (unsigned i = 0; i < delta; ++i) {
         if (searchHash == matchHash && equal(searchCharacters + i, matchString, matchLength))
             return index + i;
@@ -549 +549 @@
         searchHash -= searchCharacters[i];
     }
+    if (searchHash == matchHash && equal(searchCharacters + delta, matchString, matchLength))
+        return index + delta;
     return notFound;
 }