[webkit-changes] [130424] trunk/Source/JavaScriptCore

[msaboff]

Title: [130424] trunk/Source/_javascript_Core

Revision

130424

Author

msab...@apple.com

Date

2012-10-04 13:27:45 -0700 (Thu, 04 Oct 2012)

Log Message

Crash in Safari at com.apple._javascript_Core: WTF::StringImpl::is8Bit const + 12
https://bugs.webkit.org/show_bug.cgi?id=98433

Reviewed by Jessie Berlin.

The problem is due to a String with a null StringImpl (i.e. a null string).
Added a length check before the is8Bit() check since length() checks for a null StringImpl.  Changed the
characters16() call to characters() since it can handle a null StringImpl as well.

* API/JSValueRef.cpp:
(JSValueMakeFromJSONString):

Modified Paths

• trunk/Source/_javascript_Core/API/JSValueRef.cpp
• trunk/Source/_javascript_Core/ChangeLog

Diff

Modified: trunk/Source/_javascript_Core/API/JSValueRef.cpp (130423 => 130424)

--- trunk/Source/_javascript_Core/API/JSValueRef.cpp	2012-10-04 20:18:14 UTC (rev 130423)
+++ trunk/Source/_javascript_Core/API/JSValueRef.cpp	2012-10-04 20:27:45 UTC (rev 130424)
@@ -235,11 +235,12 @@
     ExecState* exec = toJS(ctx);
     APIEntryShim entryShim(exec);
     String str = string->string();
-    if (str.is8Bit()) {
-        LiteralParser<LChar> parser(exec, str.characters8(), str.length(), StrictJSON);
+    unsigned length = str.length();
+    if (length && str.is8Bit()) {
+        LiteralParser<LChar> parser(exec, str.characters8(), length, StrictJSON);
         return toRef(exec, parser.tryLiteralParse());
     }
-    LiteralParser<UChar> parser(exec, str.characters16(), str.length(), StrictJSON);
+    LiteralParser<UChar> parser(exec, str.characters(), length, StrictJSON);
     return toRef(exec, parser.tryLiteralParse());
 }
 

Modified: trunk/Source/_javascript_Core/ChangeLog (130423 => 130424)

--- trunk/Source/_javascript_Core/ChangeLog	2012-10-04 20:18:14 UTC (rev 130423)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-10-04 20:27:45 UTC (rev 130424)
@@ -1,3 +1,17 @@
+2012-10-04  Michael Saboff  <msab...@apple.com>
+
+        Crash in Safari at com.apple._javascript_Core: WTF::StringImpl::is8Bit const + 12
+        https://bugs.webkit.org/show_bug.cgi?id=98433
+
+        Reviewed by Jessie Berlin.
+
+        The problem is due to a String with a null StringImpl (i.e. a null string).
+        Added a length check before the is8Bit() check since length() checks for a null StringImpl.  Changed the
+        characters16() call to characters() since it can handle a null StringImpl as well.
+
+        * API/JSValueRef.cpp:
+        (JSValueMakeFromJSONString):
+
 2012-10-04  Benjamin Poulain  <bpoul...@apple.com>
 
         Use copyLCharsFromUCharSource() for IdentifierLCharFromUCharTranslator translation

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes