Changeset 79475 in webkit for trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

Timestamp:

Feb 23, 2011, 12:45:24 PM (14 years ago)

Author:

Adam Roben

Message:

Fix an off-by-one error in JSC::appendSourceToError

Looks like this bug has been around since the code was first added in r35245.

Fixes <​http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled

Reviewed by Darin Adler.

• interpreter/Interpreter.cpp:

(JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
character at stop-1 rather than at stop. At this point in the code, stop represents the
index just past the end of the characters we care about, and can even be just past the end
of the entire data buffer.

File:

• trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -646 +646 @@
         while (stop < dataLength && (stop - expressionStart < 20) && data[stop] != '\n')
             stop++;
-        while (stop > expressionStart && isStrWhiteSpace(data[stop]))
+        while (stop > expressionStart && isStrWhiteSpace(data[stop - 1]))
             stop--;
         message = makeUString(message, " (near '...", codeBlock->source()->getRange(start, stop), "...')");