[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
darin
darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 06:48:50 UTC 2009
The following commit has been merged in the debian/unstable branch:

commit c2ded481ba035e423916da2f86c14ba959b3c3f6
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Oct 11 04:07:07 2002 +0000

- fixed 3072643 -- infinite loop in JavaScript code at walgreens.com

The problem is that "xxx".indexOf("", 1) needs to return 1, but we
were returning 0.

* kjs/ustring.cpp:
(UString::find): Return pos, not 0, when the search string is empty.
(UString::rfind): Make sure that pos is not past the end of the string,
taking into account the search string; fixes a potential read off the end
of the buffer. Also return pos, not 0, when the search string is empty.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@2304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 94ea7d9..f022996 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,16 @@
+2002-10-10 Darin Adler <darin at apple.com>
+
+ - fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
+
+ The problem is that "xxx".indexOf("", 1) needs to return 1, but we
+ were returning 0.
+
+ * kjs/ustring.cpp:
+ (UString::find): Return pos, not 0, when the search string is empty.
+ (UString::rfind): Make sure that pos is not past the end of the string,
+ taking into account the search string; fixes a potential read off the end
+ of the buffer. Also return pos, not 0, when the search string is empty.
+
=== Alexander-27 ===
2002-10-07 Darin Adler <darin at apple.com>
diff --git a/JavaScriptCore/ChangeLog-2002-12-03 b/JavaScriptCore/ChangeLog-2002-12-03
index 94ea7d9..f022996 100644
--- a/JavaScriptCore/ChangeLog-2002-12-03
+++ b/JavaScriptCore/ChangeLog-2002-12-03
@@ -1,3 +1,16 @@
+2002-10-10 Darin Adler <darin at apple.com>
+
+ - fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
+
+ The problem is that "xxx".indexOf("", 1) needs to return 1, but we
+ were returning 0.
+
+ * kjs/ustring.cpp:
+ (UString::find): Return pos, not 0, when the search string is empty.
+ (UString::rfind): Make sure that pos is not past the end of the string,
+ taking into account the search string; fixes a potential read off the end
+ of the buffer. Also return pos, not 0, when the search string is empty.
+
=== Alexander-27 ===
2002-10-07 Darin Adler <darin at apple.com>
diff --git a/JavaScriptCore/ChangeLog-2003-10-25 b/JavaScriptCore/ChangeLog-2003-10-25
index 94ea7d9..f022996 100644
--- a/JavaScriptCore/ChangeLog-2003-10-25
+++ b/JavaScriptCore/ChangeLog-2003-10-25
@@ -1,3 +1,16 @@
+2002-10-10 Darin Adler <darin at apple.com>
+
+ - fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
+
+ The problem is that "xxx".indexOf("", 1) needs to return 1, but we
+ were returning 0.
+
+ * kjs/ustring.cpp:
+ (UString::find): Return pos, not 0, when the search string is empty.
+ (UString::rfind): Make sure that pos is not past the end of the string,
+ taking into account the search string; fixes a potential read off the end
+ of the buffer. Also return pos, not 0, when the search string is empty.
+
=== Alexander-27 ===
2002-10-07 Darin Adler <darin at apple.com>
diff --git a/JavaScriptCore/kjs/ustring.cpp b/JavaScriptCore/kjs/ustring.cpp
index 24722f7..abf552e 100644
--- a/JavaScriptCore/kjs/ustring.cpp
+++ b/JavaScriptCore/kjs/ustring.cpp
@@ -491,10 +491,10 @@ int UString::find(const UString &f, int pos) const
int fsz = f.size();
if (sz < fsz)
return -1;
- if (fsz == 0)
- return 0;
if (pos < 0)
pos = 0;
+ if (fsz == 0)
+ return pos;
const UChar *end = data() + sz - fsz;
long fsizeminusone = (fsz - 1) * sizeof(UChar);
const UChar *fdata = f.data();
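Review bot: In UString::find, the new `if (fsz == 0) return pos;` runs after the lower clamp `if (pos < 0) pos = 0;`, but nothing bounds pos from above, so an empty search string with pos greater than sz returns an index past the end of the string. The rfind hunk in this same patch adds `if (pos > sz - fsz) pos = sz - fsz;` before its return; applying the same clamp here, or adding a comment that callers guarantee pos <= sz, would keep the two functions consistent. A regression test for the "xxx".indexOf("", 1) case named in the ChangeLog would also be worth landing with the fix.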
@@ -523,10 +523,12 @@ int UString::rfind(const UString &f, int pos) const
int fsz = f.size();
if (sz < fsz)
return -1;
- if (fsz == 0)
- return 0;
if (pos < 0)
pos = 0;
+ if (pos > sz - fsz)
+ pos = sz - fsz;
+ if (fsz == 0)
+ return pos;
long fsizeminusone = (fsz - 1) * sizeof(UChar);
const UChar *fdata = f.data();
for (const UChar *c = data() + pos; c >= data(); c--) {
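Review bot: The loop on the last context line of the rfind hunk, `for (const UChar *c = data() + pos; c >= data(); c--)`, still terminates by decrementing c to one element before data() when nothing matches, and forming that pointer is undefined behaviour in C++ even if it is never dereferenced. The new upper clamp `if (pos > sz - fsz) pos = sz - fsz;` is sound, because the `sz < fsz` early return above guarantees sz - fsz is not negative, but since this change is about keeping reads inside the buffer it would be cleaner to iterate with an int index from pos down to 0 so the lower bound is checked on the index rather than on an out-of-range pointer. A short comment explaining that the clamp must precede `if (fsz == 0) return pos;` would help, since reordering the two would bring back an unclamped return for the empty search string.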
--
WebKit Debian packaging