diff options
Diffstat (limited to 'JavaScriptCore/wtf/text/WTFString.cpp')
-rw-r--r-- | JavaScriptCore/wtf/text/WTFString.cpp | 44 |
1 files changed, 24 insertions, 20 deletions
diff --git a/JavaScriptCore/wtf/text/WTFString.cpp b/JavaScriptCore/wtf/text/WTFString.cpp index 5161477..6bb74f6 100644 --- a/JavaScriptCore/wtf/text/WTFString.cpp +++ b/JavaScriptCore/wtf/text/WTFString.cpp @@ -1,6 +1,6 @@ /* * (C) 1999 Lars Knoll (knoll@kde.org) - * Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. + * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Apple Inc. All rights reserved. * Copyright (C) 2007-2009 Torch Mobile, Inc. * * This library is free software; you can redistribute it and/or @@ -22,7 +22,6 @@ #include "config.h" #include "WTFString.h" -#include <limits> #include <stdarg.h> #include <wtf/ASCIICType.h> #include <wtf/text/CString.h> @@ -32,9 +31,12 @@ #include <wtf/unicode/UTF8.h> #include <wtf/unicode/Unicode.h> +using namespace std; + namespace WTF { using namespace Unicode; +using namespace std; // Construct a string with UTF-16 data. String::String(const UChar* characters, unsigned length) @@ -52,7 +54,7 @@ String::String(const UChar* str) while (str[len] != UChar(0)) len++; - if (len > std::numeric_limits<unsigned>::max()) + if (len > numeric_limits<unsigned>::max()) CRASH(); m_impl = StringImpl::create(str, len); @@ -82,8 +84,9 @@ void String::append(const String& str) if (str.m_impl) { if (m_impl) { UChar* data; - RefPtr<StringImpl> newImpl = - StringImpl::createUninitialized(m_impl->length() + str.length(), data); + if (str.length() > numeric_limits<unsigned>::max() - m_impl->length()) + CRASH(); + RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(m_impl->length() + str.length(), data); memcpy(data, m_impl->characters(), m_impl->length() * sizeof(UChar)); memcpy(data + m_impl->length(), str.characters(), str.length() * sizeof(UChar)); m_impl = newImpl.release(); @@ -100,8 +103,9 @@ void String::append(char c) // call to fastMalloc every single time. if (m_impl) { UChar* data; - RefPtr<StringImpl> newImpl = - StringImpl::createUninitialized(m_impl->length() + 1, data); + if (m_impl->length() >= numeric_limits<unsigned>::max()) + CRASH(); + RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(m_impl->length() + 1, data); memcpy(data, m_impl->characters(), m_impl->length() * sizeof(UChar)); data[m_impl->length()] = c; m_impl = newImpl.release(); @@ -117,8 +121,9 @@ void String::append(UChar c) // call to fastMalloc every single time. if (m_impl) { UChar* data; - RefPtr<StringImpl> newImpl = - StringImpl::createUninitialized(m_impl->length() + 1, data); + if (m_impl->length() >= numeric_limits<unsigned>::max()) + CRASH(); + RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(m_impl->length() + 1, data); memcpy(data, m_impl->characters(), m_impl->length() * sizeof(UChar)); data[m_impl->length()] = c; m_impl = newImpl.release(); @@ -178,10 +183,9 @@ void String::append(const UChar* charactersToAppend, unsigned lengthToAppend) ASSERT(charactersToAppend); UChar* data; - if (lengthToAppend > std::numeric_limits<unsigned>::max() - length()) + if (lengthToAppend > numeric_limits<unsigned>::max() - length()) CRASH(); - RefPtr<StringImpl> newImpl = - StringImpl::createUninitialized(length() + lengthToAppend, data); + RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(length() + lengthToAppend, data); memcpy(data, characters(), length() * sizeof(UChar)); memcpy(data + length(), charactersToAppend, lengthToAppend * sizeof(UChar)); m_impl = newImpl.release(); @@ -201,10 +205,9 @@ void String::insert(const UChar* charactersToInsert, unsigned lengthToInsert, un ASSERT(charactersToInsert); UChar* data; - if (lengthToInsert > std::numeric_limits<unsigned>::max() - length()) + if (lengthToInsert > numeric_limits<unsigned>::max() - length()) CRASH(); - RefPtr<StringImpl> newImpl = - StringImpl::createUninitialized(length() + lengthToInsert, data); + RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(length() + lengthToInsert, data); memcpy(data, characters(), position * sizeof(UChar)); memcpy(data + position, charactersToInsert, lengthToInsert * sizeof(UChar)); memcpy(data + position + lengthToInsert, characters() + position, (length() - position) * sizeof(UChar)); @@ -237,8 +240,7 @@ void String::remove(unsigned position, int lengthToRemove) if (static_cast<unsigned>(lengthToRemove) > length() - position) lengthToRemove = length() - position; UChar* data; - RefPtr<StringImpl> newImpl = - StringImpl::createUninitialized(length() - lengthToRemove, data); + RefPtr<StringImpl> newImpl = StringImpl::createUninitialized(length() - lengthToRemove, data); memcpy(data, characters(), position * sizeof(UChar)); memcpy(data + position, characters() + position + lengthToRemove, (length() - lengthToRemove - position) * sizeof(UChar)); @@ -695,6 +697,8 @@ CString String::utf8(bool strict) const // * We could allocate a CStringBuffer with an appropriate size to // have a good chance of being able to write the string into the // buffer without reallocing (say, 1.5 x length). + if (length > numeric_limits<unsigned>::max() / 3) + return CString(); Vector<char, 1024> bufferVector(length * 3); char* buffer = bufferVector.data(); @@ -725,7 +729,7 @@ CString String::utf8(bool strict) const String String::fromUTF8(const char* stringStart, size_t length) { - if (length > std::numeric_limits<unsigned>::max()) + if (length > numeric_limits<unsigned>::max()) CRASH(); if (!stringStart) @@ -787,8 +791,8 @@ static bool isCharacterAllowedInBase(UChar c, int base) template <typename IntegralType> static inline IntegralType toIntegralType(const UChar* data, size_t length, bool* ok, int base) { - static const IntegralType integralMax = std::numeric_limits<IntegralType>::max(); - static const bool isSigned = std::numeric_limits<IntegralType>::is_signed; + static const IntegralType integralMax = numeric_limits<IntegralType>::max(); + static const bool isSigned = numeric_limits<IntegralType>::is_signed; const IntegralType maxMultiplier = integralMax / base; IntegralType value = 0; |