diff options
Diffstat (limited to 'JavaScriptCore/wtf/text/StringImpl.cpp')
-rw-r--r-- | JavaScriptCore/wtf/text/StringImpl.cpp | 81 |
1 files changed, 50 insertions, 31 deletions
diff --git a/JavaScriptCore/wtf/text/StringImpl.cpp b/JavaScriptCore/wtf/text/StringImpl.cpp index f4b2f05..1c4de66 100644 --- a/JavaScriptCore/wtf/text/StringImpl.cpp +++ b/JavaScriptCore/wtf/text/StringImpl.cpp @@ -96,9 +96,9 @@ PassRefPtr<StringImpl> StringImpl::create(const UChar* characters, unsigned leng return empty(); UChar* data; - PassRefPtr<StringImpl> string = createUninitialized(length, data); + RefPtr<StringImpl> string = createUninitialized(length, data); memcpy(data, characters, length * sizeof(UChar)); - return string; + return string.release(); } PassRefPtr<StringImpl> StringImpl::create(const char* characters, unsigned length) @@ -107,19 +107,22 @@ PassRefPtr<StringImpl> StringImpl::create(const char* characters, unsigned lengt return empty(); UChar* data; - PassRefPtr<StringImpl> string = createUninitialized(length, data); + RefPtr<StringImpl> string = createUninitialized(length, data); for (unsigned i = 0; i != length; ++i) { unsigned char c = characters[i]; data[i] = c; } - return string; + return string.release(); } PassRefPtr<StringImpl> StringImpl::create(const char* string) { if (!string) return empty(); - return create(string, strlen(string)); + size_t length = strlen(string); + if (length > numeric_limits<unsigned>::max()) + CRASH(); + return create(string, length); } PassRefPtr<StringImpl> StringImpl::create(const UChar* characters, unsigned length, PassRefPtr<SharedUChar> sharedBuffer) @@ -205,7 +208,10 @@ PassRefPtr<StringImpl> StringImpl::lower() if (noUpper && !(ored & ~0x7F)) return this; + if (m_length > static_cast<unsigned>(numeric_limits<int32_t>::max())) + CRASH(); int32_t length = m_length; + UChar* data; RefPtr<StringImpl> newImpl = createUninitialized(m_length, data); @@ -236,7 +242,10 @@ PassRefPtr<StringImpl> StringImpl::upper() // but in empirical testing, few actual calls to upper() are no-ops, so // it wouldn't be worth the extra time for pre-scanning. UChar* data; - PassRefPtr<StringImpl> newImpl = createUninitialized(m_length, data); + RefPtr<StringImpl> newImpl = createUninitialized(m_length, data); + + if (m_length > static_cast<unsigned>(numeric_limits<int32_t>::max())) + CRASH(); int32_t length = m_length; // Do a faster loop for the case where all the characters are ASCII. @@ -247,7 +256,7 @@ PassRefPtr<StringImpl> StringImpl::upper() data[i] = toASCIIUpper(c); } if (!(ored & ~0x7F)) - return newImpl; + return newImpl.release(); // Do a slower implementation for cases that include non-ASCII characters. bool error; @@ -258,45 +267,47 @@ PassRefPtr<StringImpl> StringImpl::upper() Unicode::toUpper(data, realLength, m_data, m_length, &error); if (error) return this; - return newImpl; + return newImpl.release(); } -PassRefPtr<StringImpl> StringImpl::secure(UChar aChar) +PassRefPtr<StringImpl> StringImpl::secure(UChar character) { UChar* data; - PassRefPtr<StringImpl> newImpl = createUninitialized(m_length, data); - int32_t length = m_length; - for (int i = 0; i < length; ++i) - data[i] = aChar; - return newImpl; + RefPtr<StringImpl> newImpl = createUninitialized(m_length, data); + for (unsigned i = 0; i < m_length; ++i) + data[i] = character; + return newImpl.release(); } PassRefPtr<StringImpl> StringImpl::foldCase() { UChar* data; - PassRefPtr<StringImpl> newImpl = createUninitialized(m_length, data); + RefPtr<StringImpl> newImpl = createUninitialized(m_length, data); + + if (m_length > static_cast<unsigned>(numeric_limits<int32_t>::max())) + CRASH(); int32_t length = m_length; // Do a faster loop for the case where all the characters are ASCII. UChar ored = 0; - for (int i = 0; i < length; i++) { + for (int32_t i = 0; i < length; i++) { UChar c = m_data[i]; ored |= c; data[i] = toASCIILower(c); } if (!(ored & ~0x7F)) - return newImpl; + return newImpl.release(); // Do a slower implementation for cases that include non-ASCII characters. bool error; int32_t realLength = Unicode::foldCase(data, length, m_data, m_length, &error); if (!error && realLength == length) - return newImpl; + return newImpl.release(); newImpl = createUninitialized(realLength, data); Unicode::foldCase(data, realLength, m_data, m_length, &error); if (error) return this; - return newImpl; + return newImpl.release(); } PassRefPtr<StringImpl> StringImpl::stripWhiteSpace() @@ -517,7 +528,10 @@ size_t StringImpl::find(const char* matchString, unsigned index) // Check for null or empty string to match against if (!matchString) return notFound; - unsigned matchLength = strlen(matchString); + size_t matchStringLength = strlen(matchString); + if (matchStringLength > numeric_limits<unsigned>::max()) + CRASH(); + unsigned matchLength = matchStringLength; if (!matchLength) return min(index, length()); @@ -563,7 +577,10 @@ size_t StringImpl::findIgnoringCase(const char* matchString, unsigned index) // Check for null or empty string to match against if (!matchString) return notFound; - unsigned matchLength = strlen(matchString); + size_t matchStringLength = strlen(matchString); + if (matchStringLength > numeric_limits<unsigned>::max()) + CRASH(); + unsigned matchLength = matchStringLength; if (!matchLength) return min(index, length()); @@ -761,7 +778,7 @@ PassRefPtr<StringImpl> StringImpl::replace(UChar oldC, UChar newC) return this; UChar* data; - PassRefPtr<StringImpl> newImpl = createUninitialized(m_length, data); + RefPtr<StringImpl> newImpl = createUninitialized(m_length, data); for (i = 0; i != m_length; ++i) { UChar ch = m_data[i]; @@ -769,7 +786,7 @@ PassRefPtr<StringImpl> StringImpl::replace(UChar oldC, UChar newC) ch = newC; data[i] = ch; } - return newImpl; + return newImpl.release(); } PassRefPtr<StringImpl> StringImpl::replace(unsigned position, unsigned lengthToReplace, StringImpl* str) @@ -784,14 +801,14 @@ PassRefPtr<StringImpl> StringImpl::replace(unsigned position, unsigned lengthToR if ((length() - lengthToReplace) >= (numeric_limits<unsigned>::max() - lengthToInsert)) CRASH(); - PassRefPtr<StringImpl> newImpl = + RefPtr<StringImpl> newImpl = createUninitialized(length() - lengthToReplace + lengthToInsert, data); memcpy(data, characters(), position * sizeof(UChar)); if (str) memcpy(data + position, str->characters(), lengthToInsert * sizeof(UChar)); memcpy(data + position + lengthToInsert, characters() + position + lengthToReplace, (length() - position - lengthToReplace) * sizeof(UChar)); - return newImpl; + return newImpl.release(); } PassRefPtr<StringImpl> StringImpl::replace(UChar pattern, StringImpl* replacement) @@ -824,7 +841,7 @@ PassRefPtr<StringImpl> StringImpl::replace(UChar pattern, StringImpl* replacemen newSize += replaceSize; UChar* data; - PassRefPtr<StringImpl> newImpl = createUninitialized(newSize, data); + RefPtr<StringImpl> newImpl = createUninitialized(newSize, data); // Construct the new data size_t srcSegmentEnd; @@ -846,7 +863,7 @@ PassRefPtr<StringImpl> StringImpl::replace(UChar pattern, StringImpl* replacemen ASSERT(dstOffset + srcSegmentLength == newImpl->length()); - return newImpl; + return newImpl.release(); } PassRefPtr<StringImpl> StringImpl::replace(StringImpl* pattern, StringImpl* replacement) @@ -882,7 +899,7 @@ PassRefPtr<StringImpl> StringImpl::replace(StringImpl* pattern, StringImpl* repl newSize += matchCount * repStrLength; UChar* data; - PassRefPtr<StringImpl> newImpl = createUninitialized(newSize, data); + RefPtr<StringImpl> newImpl = createUninitialized(newSize, data); // Construct the new data size_t srcSegmentEnd; @@ -904,7 +921,7 @@ PassRefPtr<StringImpl> StringImpl::replace(StringImpl* pattern, StringImpl* repl ASSERT(dstOffset + srcSegmentLength == newImpl->length()); - return newImpl; + return newImpl.release(); } bool equal(const StringImpl* a, const StringImpl* b) @@ -1020,9 +1037,11 @@ PassRefPtr<StringImpl> StringImpl::adopt(StringBuffer& buffer) PassRefPtr<StringImpl> StringImpl::createWithTerminatingNullCharacter(const StringImpl& string) { // Use createUninitialized instead of 'new StringImpl' so that the string and its buffer - // get allocated in a single malloc block. + // get allocated in a single memory block. UChar* data; - int length = string.m_length; + unsigned length = string.m_length; + if (length >= numeric_limits<unsigned>::max()) + CRASH(); RefPtr<StringImpl> terminatedString = createUninitialized(length + 1, data); memcpy(data, string.m_data, length * sizeof(UChar)); data[length] = 0; |