From a94275402997c11dd2e778633dacf4b7e630a35d Mon Sep 17 00:00:00 2001
From: Ben Murdoch <benm@google.com>
Date: Fri, 22 Oct 2010 13:02:20 +0100
Subject: Merge WebKit at r70209: Initial merge by Git

Change-Id: Id23a68efa36e9d1126bcce0b137872db00892c8e
---
 JavaScriptCore/wtf/text/StringImpl.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'JavaScriptCore/wtf/text/StringImpl.h')

diff --git a/JavaScriptCore/wtf/text/StringImpl.h b/JavaScriptCore/wtf/text/StringImpl.h
index 7025d9f..897751d 100644
--- a/JavaScriptCore/wtf/text/StringImpl.h
+++ b/JavaScriptCore/wtf/text/StringImpl.h
@@ -29,7 +29,7 @@
 #include <wtf/Forward.h>
 #include <wtf/OwnFastMallocPtr.h>
 #include <wtf/StdLibExtras.h>
-#include <wtf/StringHashFunctions.h>
+#include <wtf/StringHasher.h>
 #include <wtf/Vector.h>
 #include <wtf/text/StringImplBase.h>
 #include <wtf/unicode/Unicode.h>
@@ -165,7 +165,7 @@ public:
             return empty();
         }
 
-        if (length > ((std::numeric_limits<size_t>::max() - sizeof(StringImpl)) / sizeof(UChar))) {
+        if (length > ((std::numeric_limits<unsigned>::max() - sizeof(StringImpl)) / sizeof(UChar))) {
             output = 0;
             return 0;
         }
@@ -187,6 +187,8 @@ public:
     {
         if (size_t size = vector.size()) {
             ASSERT(vector.data());
+            if (size > std::numeric_limits<unsigned>::max())
+                CRASH();
             return adoptRef(new StringImpl(vector.releaseBuffer(), size));
         }
         return empty();
-- 
cgit v1.1