Title: [198695] trunk/Source/_javascript_Core
- Revision
- 198695
- Author
- [email protected]
- Date
- 2016-03-25 16:04:02 -0700 (Fri, 25 Mar 2016)
Log Message
[JSC] fix divide-by-zero in String.prototype.padStart/padEnd
https://bugs.webkit.org/show_bug.cgi?id=155903
Patch by Caitlin Potter <[email protected]> on 2016-03-25
Reviewed by Filip Pizlo.
* runtime/StringPrototype.cpp:
(JSC::padString):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (198694 => 198695)
--- trunk/Source/_javascript_Core/ChangeLog 2016-03-25 22:55:44 UTC (rev 198694)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-03-25 23:04:02 UTC (rev 198695)
@@ -1,3 +1,13 @@
+2016-03-25 Caitlin Potter <[email protected]>
+
+ [JSC] fix divide-by-zero in String.prototype.padStart/padEnd
+ https://bugs.webkit.org/show_bug.cgi?id=155903
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::padString):
+
2016-03-25 Benjamin Poulain <[email protected]>
[JSC] materialize-past-butterfly-allocation.js time out in debug
Modified: trunk/Source/_javascript_Core/runtime/StringPrototype.cpp (198694 => 198695)
--- trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2016-03-25 22:55:44 UTC (rev 198694)
+++ trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2016-03-25 23:04:02 UTC (rev 198695)
@@ -900,8 +900,8 @@
return JSValue::encode(throwOutOfMemoryError(&exec));
}
- if (!filler || filler->length() == 1) {
- UChar character = filler ? filler->view(&exec)[0] : ' ';
+ if (!filler || filler->length() <= 1) {
+ UChar character = filler && filler->length() ? filler->view(&exec)[0] : ' ';
if (!(character & ~0xff))
filler = repeatCharacter(exec, static_cast<LChar>(character), fillLength);
else
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
