Changeset 72114 in webkit for trunk/JavaScriptCore/wtf/text/WTFString.cpp

Timestamp:

Nov 16, 2010, 10:04:52 AM (15 years ago)

Author:

Darin Adler

Message:

2010-11-15 Darin Adler <Darin Adler>

Reviewed by Sam Weinig.

Harden additional string functions against large lengths
​https://bugs.webkit.org/show_bug.cgi?id=49574

• wtf/text/CString.cpp: (WTF::CString::init): Check for length that is too large for CString. (WTF::CString::newUninitialized): Ditto. (WTF::CString::copyBufferIfNeeded): Fix types so the length stays in a size_t.

• wtf/text/WTFString.cpp: (WTF::String::append): Check for length that is too large.

2010-11-15 Darin Adler <Darin Adler>

Reviewed by Sam Weinig.

Harden additional string functions against large lengths
​https://bugs.webkit.org/show_bug.cgi?id=49574

• platform/text/TextCodecUTF16.cpp: (WebCore::TextCodecUTF16::encode): Check for length that is too large for size_t.

• platform/text/TextStream.cpp: (WebCore::TextStream::operator<<): Check for length that is too large for size_t.

File:

• trunk/JavaScriptCore/wtf/text/WTFString.cpp (modified) (12 diffs)

trunk/JavaScriptCore/wtf/text/WTFString.cpp

@@ -1 +1 @@
 /*
  * (C) 1999 Lars Knoll ([email protected])
- * Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2007-2009 Torch Mobile, Inc.
  *
@@ -23 +23 @@
 #include "WTFString.h"
 
-#include <limits>
 #include <stdarg.h>
 #include <wtf/ASCIICType.h>
@@ -33 +32 @@
 #include <wtf/unicode/Unicode.h>
 
+using namespace std;
+
 namespace WTF {
 
@@ -53 +54 @@
         len++;
 
-    if (len > std::numeric_limits<unsigned>::max())
+    if (len > numeric_limits<unsigned>::max())
         CRASH();
     
@@ -83 +84 @@
         if (m_impl) {
             UChar* data;
-            RefPtr<StringImpl> newImpl =
-                StringImpl::createUninitialized(m_impl->length() + str.length(), data);
+            if (str.length() > numeric_limits<unsigned>::max() - m_impl->length())
+                CRASH();
+            RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(m_impl->length() + str.length(), data);
             memcpy(data, m_impl->characters(), m_impl->length() * sizeof(UChar));
             memcpy(data + m_impl->length(), str.characters(), str.length() * sizeof(UChar));
@@ -101 +103 @@
     if (m_impl) {
         UChar* data;
-        RefPtr<StringImpl> newImpl =
-            StringImpl::createUninitialized(m_impl->length() + 1, data);
+        if (m_impl->length() >= numeric_limits<unsigned>::max())
+            CRASH();
+        RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(m_impl->length() + 1, data);
         memcpy(data, m_impl->characters(), m_impl->length() * sizeof(UChar));
         data[m_impl->length()] = c;
@@ -118 +121 @@
     if (m_impl) {
         UChar* data;
-        RefPtr<StringImpl> newImpl =
-            StringImpl::createUninitialized(m_impl->length() + 1, data);
+        if (m_impl->length() >= numeric_limits<unsigned>::max())
+            CRASH();
+        RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(m_impl->length() + 1, data);
         memcpy(data, m_impl->characters(), m_impl->length() * sizeof(UChar));
         data[m_impl->length()] = c;
@@ -179 +183 @@
     ASSERT(charactersToAppend);
     UChar* data;
-    if (lengthToAppend > std::numeric_limits<unsigned>::max() - length())
+    if (lengthToAppend > numeric_limits<unsigned>::max() - length())
         CRASH();
-    RefPtr<StringImpl> newImpl =
-        StringImpl::createUninitialized(length() + lengthToAppend, data);
+    RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(length() + lengthToAppend, data);
     memcpy(data, characters(), length() * sizeof(UChar));
     memcpy(data + length(), charactersToAppend, lengthToAppend * sizeof(UChar));
@@ -202 +205 @@
     ASSERT(charactersToInsert);
     UChar* data;
-    if (lengthToInsert > std::numeric_limits<unsigned>::max() - length())
+    if (lengthToInsert > numeric_limits<unsigned>::max() - length())
         CRASH();
-    RefPtr<StringImpl> newImpl =
-      StringImpl::createUninitialized(length() + lengthToInsert, data);
+    RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(length() + lengthToInsert, data);
     memcpy(data, characters(), position * sizeof(UChar));
     memcpy(data + position, charactersToInsert, lengthToInsert * sizeof(UChar));
@@ -238 +240 @@
         lengthToRemove = length() - position;
     UChar* data;
-    RefPtr<StringImpl> newImpl =
-        StringImpl::createUninitialized(length() - lengthToRemove, data);
+    RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(length() - lengthToRemove, data);
     memcpy(data, characters(), position * sizeof(UChar));
     memcpy(data + position, characters() + position + lengthToRemove,
@@ -726 +727 @@
 String String::fromUTF8(const char* stringStart, size_t length)
 {
-    if (length > std::numeric_limits<unsigned>::max())
+    if (length > numeric_limits<unsigned>::max())
         CRASH();
 
@@ -788 +789 @@
 static inline IntegralType toIntegralType(const UChar* data, size_t length, bool* ok, int base)
 {
-    static const IntegralType integralMax = std::numeric_limits<IntegralType>::max();
-    static const bool isSigned = std::numeric_limits<IntegralType>::is_signed;
+    static const IntegralType integralMax = numeric_limits<IntegralType>::max();
+    static const bool isSigned = numeric_limits<IntegralType>::is_signed;
     const IntegralType maxMultiplier = integralMax / base;