Changeset 69414 in webkit for trunk/JavaScriptCore/wtf/text/WTFString.cpp

Timestamp:

Oct 8, 2010, 12:38:12 PM (15 years ago)

Author:

[email protected]

Message:

2010-10-08 Chris Evans <​[email protected]>

Reviewed by David Levin.

​https://bugs.webkit.org/show_bug.cgi?id=47393

Use unsigned consistently to check for max StringImpl length.
Add a few integer overflow checks.
Uses the existing paradigm of CRASH() when we can't reasonably handle a crazily large request.

• wtf/text/WTFString.cpp:
• wtf/text/StringImpl.h:
• wtf/text/StringImpl.cpp: Better use of size_t vs. unsigned; check for integer overflows.

File:

• trunk/JavaScriptCore/wtf/text/WTFString.cpp (modified) (4 diffs)

trunk/JavaScriptCore/wtf/text/WTFString.cpp

@@ -49 +49 @@
         return;
         
-    int len = 0;
+    size_t len = 0;
     while (str[len] != UChar(0))
         len++;
+
+    if (len > std::numeric_limits<unsigned>::max())
+        CRASH();
     
     m_impl = StringImpl::create(str, len);
@@ -176 +179 @@
     ASSERT(charactersToAppend);
     UChar* data;
+    if (lengthToAppend > std::numeric_limits<unsigned>::max() - length())
+        CRASH();
     RefPtr<StringImpl> newImpl =
         StringImpl::createUninitialized(length() + lengthToAppend, data);
@@ -197 +202 @@
     ASSERT(charactersToInsert);
     UChar* data;
+    if (lengthToInsert > std::numeric_limits<unsigned>::max() - length())
+        CRASH();
     RefPtr<StringImpl> newImpl =
       StringImpl::createUninitialized(length() + lengthToInsert, data);
@@ -719 +726 @@
 String String::fromUTF8(const char* stringStart, size_t length)
 {
+    if (length > std::numeric_limits<unsigned>::max())
+        CRASH();
+
     if (!stringStart)
         return String();