Title: [91795] trunk
- Revision: 91795
- Author: [email protected]
- Date: 2011-07-26 15:47:32 -0700 (Tue, 26 Jul 2011)
Log Message
Buffer overflow creating error messages for JSON.parse
https://bugs.webkit.org/show_bug.cgi?id=65211
Reviewed by Darin Adler.
../../../../Volumes/Data/git/WebKit/OpenSource/LayoutTests:
Update testcase to reflect actual expected output.
* fast/js/JSON-parse-expected.txt:
../../../../Volumes/Data/git/WebKit/OpenSource/Source/_javascript_Core:
Parse string length to the UString constructor.
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::parse):
Diff
Modified: trunk/LayoutTests/ChangeLog (91794 => 91795)
--- trunk/LayoutTests/ChangeLog 2011-07-26 22:23:16 UTC (rev 91794)
+++ trunk/LayoutTests/ChangeLog 2011-07-26 22:47:32 UTC (rev 91795)
@@ -1,3 +1,14 @@
+2011-07-26 Oliver Hunt <[email protected]>
+
+ Buffer overflow creating error messages for JSON.parse
+ https://bugs.webkit.org/show_bug.cgi?id=65211
+
+ Reviewed by Darin Adler.
+
+ Update testcase to reflect actual expected output.
+
+ * fast/js/JSON-parse-expected.txt:
+
2011-07-26 Xiaomei Ji <[email protected]>
--webkit-visual-word does not work in multi-line
Modified: trunk/LayoutTests/fast/js/JSON-parse-expected.txt (91794 => 91795)
--- trunk/LayoutTests/fast/js/JSON-parse-expected.txt 2011-07-26 22:23:16 UTC (rev 91794)
+++ trunk/LayoutTests/fast/js/JSON-parse-expected.txt 2011-07-26 22:47:32 UTC (rev 91795)
@@ -17,7 +17,7 @@
function (jsonObject) {
return jsonObject.parse('Infinity');
}
-PASS tests[i](nativeJSON) threw exception SyntaxError: JSON Parse error: Unexpected identifier "Infinity?".
+PASS tests[i](nativeJSON) threw exception SyntaxError: JSON Parse error: Unexpected identifier "Infinity".
function (jsonObject) {
return jsonObject.parse('NaN');
}
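Review bot: The removed baseline line had recorded the stray trailing character (`"Infinity?"`) as a PASS, so the expectation was pinned to whatever followed the token in memory rather than to the token itself. Besides correcting the string, consider adding a case where the unexpected identifier is followed by further input, not only cases like 'Infinity' and 'NaN' where the identifier is the whole source string, so the expected message has to stop at the token boundary and a regression cannot be absorbed by a rebaseline.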
Modified: trunk/Source/_javascript_Core/ChangeLog (91794 => 91795)
--- trunk/Source/_javascript_Core/ChangeLog 2011-07-26 22:23:16 UTC (rev 91794)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-07-26 22:47:32 UTC (rev 91795)
@@ -1,3 +1,15 @@
+2011-07-26 Oliver Hunt <[email protected]>
+
+ Buffer overflow creating error messages for JSON.parse
+ https://bugs.webkit.org/show_bug.cgi?id=65211
+
+ Reviewed by Darin Adler.
+
+ Parse string length to the UString constructor.
+
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::parse):
+
2011-07-26 Mark Hahnenberg <[email protected]>
Refactor automatically generated JS DOM bindings to replace operator new with static create methods
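Review bot: In the description line, "Parse string length to the UString constructor" reads as a typo for "Pass string length ...", since the LiteralParser.cpp change hands `stringLength` to the constructor and parses nothing new. The entry would also be more useful if it said why the length is needed, so that it explains the overflow named in the title instead of only naming the mechanical change.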
Modified: trunk/Source/_javascript_Core/runtime/LiteralParser.cpp (91794 => 91795)
--- trunk/Source/_javascript_Core/runtime/LiteralParser.cpp 2011-07-26 22:23:16 UTC (rev 91794)
+++ trunk/Source/_javascript_Core/runtime/LiteralParser.cpp 2011-07-26 22:47:32 UTC (rev 91795)
@@ -609,7 +609,7 @@
m_parseErrorMessage = "Unexpected token '}'";
return JSValue();
case TokIdentifier:
- m_parseErrorMessage = String::format("Unexpected identifier \"%s\"", UString(m_lexer.currentToken().stringToken).ascii().data()).impl();
+ m_parseErrorMessage = String::format("Unexpected identifier \"%s\"", UString(m_lexer.currentToken().stringToken, m_lexer.currentToken().stringLength).ascii().data()).impl();
return JSValue();
case TokColon:
m_parseErrorMessage = "Unexpected token ':'";
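Review bot: On the added TokIdentifier line, the explicit length now bounds the UString, but the result is still routed through `.ascii().data()` into a `%s` conversion, which again depends on NUL termination of the intermediate buffer; a short comment stating that `stringToken` is not NUL-terminated and must always be paired with `stringLength` would keep the next caller from repeating the one-argument form. `m_lexer.currentToken()` is also called twice in the same expression; binding it to a local const reference first would make it obvious that pointer and length come from the same token. The neighbouring cases visible here use fixed literals, but it is worth checking the rest of the file for other messages built from `stringToken` without a length.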
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes