Merge WebKit at r72805: Initial merge by Git

Note that this is a backwards merge from Chromium release 9.0.600.0
to 9.0.597.0, to align with the Chromium 9 stable release branch.

Change-Id: I5d2bb4e8cee9d39ae8485abf48bdb55ecf8b3790

1 files changed, 2 insertions, 5 deletions

diff --git a/JavaScriptCore/wtf/text/CString.cpp b/JavaScriptCore/wtf/text/CString.cpp
index 981d77a..db6443f 100644
--- a/JavaScriptCore/wtf/text/CString.cpp
+++ b/JavaScriptCore/wtf/text/CString.cpp
@@ -49,11 +49,8 @@ void CString::init(const char* str, size_t length)
     if (!str)
         return;
 
-    // We need to be sure we can add 1 to length without overflowing.
-    // Since the passed-in length is the length of an actual existing
-    // string, and we know the string doesn't occupy the entire address
-    // space, we can assert here and there's no need for a runtime check.
-    ASSERT(length < numeric_limits<size_t>::max());
+    if (length >= numeric_limits<size_t>::max())
+        CRASH();
 
     m_buffer = CStringBuffer::create(length + 1);
     memcpy(m_buffer->mutableData(), str, length);