[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

darin darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:47:03 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit 7fdc25c707e4645ec80f6e518b9313f7f6a9786f
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Jul 12 16:01:36 2003 +0000

            Reviewed by Dave.
    
            - fixed 3272777 -- array object indices treated as integers by Safari, but as strings in other web browsers
    
            JavaScriptCore did not implement the proper rule for what an array index is.
    
            * kjs/array_object.cpp:
            (getArrayIndex): Added. Implements the rule from the specification, which also provides a handy
            "not an array index" value of 2^32-1.
            (ArrayInstanceImp::get): Use getArrayIndex.
            (ArrayInstanceImp::put): Ditto.
            (ArrayInstanceImp::hasProperty): Ditto.
            (ArrayInstanceImp::setLength): Ditto.
    
            * kjs/identifier.h: Removed now-unused toULong, and added toStrictUInt32, in both cases forwarding
            functions that forward to UString.
    
            * kjs/ustring.h: Added toStrictUInt32.
            * kjs/ustring.cpp: (UString::toStrictUInt32): Added. Converts a string to a 32-bit unsigned integer,
            and rejects any string that does not exactly match the way the integer would be formatted on output.
            This is the rule documented in the ECMA language standard.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4630 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 1ddc936..a9e5e03 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,27 @@
+2003-07-12  Darin Adler  <darin at apple.com>
+
+        Reviewed by Dave.
+
+        - fixed 3272777 -- array object indices treated as integers by Safari, but as strings in other web browsers
+
+        JavaScriptCore did not implement the proper rule for what an array index is.
+
+        * kjs/array_object.cpp:
+        (getArrayIndex): Added. Implements the rule from the specification, which also provides a handy
+        "not an array index" value of 2^32-1.
+        (ArrayInstanceImp::get): Use getArrayIndex.
+        (ArrayInstanceImp::put): Ditto.
+        (ArrayInstanceImp::hasProperty): Ditto.
+        (ArrayInstanceImp::setLength): Ditto.
+
+        * kjs/identifier.h: Removed now-unused toULong, and added toStrictUInt32, in both cases forwarding
+        functions that forward to UString.
+
+        * kjs/ustring.h: Added toStringUInt32.
+        * kjs/ustring.cpp: (UString::toStrictUInt32): Added. Converts a string to a 32-bit unsigned integer,
+        and rejects any string that does not exactly match the way the integer would be formatted on output.
+        This is the rule documented in the ECMA language standard.
+
 === Safari-89 ===
 
 2003-07-10  Maciej Stachowiak  <mjs at apple.com>
diff --git a/JavaScriptCore/ChangeLog-2003-10-25 b/JavaScriptCore/ChangeLog-2003-10-25
index 1ddc936..a9e5e03 100644
--- a/JavaScriptCore/ChangeLog-2003-10-25
+++ b/JavaScriptCore/ChangeLog-2003-10-25
@@ -1,3 +1,27 @@
+2003-07-12  Darin Adler  <darin at apple.com>
+
+        Reviewed by Dave.
+
+        - fixed 3272777 -- array object indices treated as integers by Safari, but as strings in other web browsers
+
+        JavaScriptCore did not implement the proper rule for what an array index is.
+
+        * kjs/array_object.cpp:
+        (getArrayIndex): Added. Implements the rule from the specification, which also provides a handy
+        "not an array index" value of 2^32-1.
+        (ArrayInstanceImp::get): Use getArrayIndex.
+        (ArrayInstanceImp::put): Ditto.
+        (ArrayInstanceImp::hasProperty): Ditto.
+        (ArrayInstanceImp::setLength): Ditto.
+
+        * kjs/identifier.h: Removed now-unused toULong, and added toStrictUInt32, in both cases forwarding
+        functions that forward to UString.
+
+        * kjs/ustring.h: Added toStringUInt32.
+        * kjs/ustring.cpp: (UString::toStrictUInt32): Added. Converts a string to a 32-bit unsigned integer,
+        and rejects any string that does not exactly match the way the integer would be formatted on output.
+        This is the rule documented in the ECMA language standard.
+
 === Safari-89 ===
 
 2003-07-10  Maciej Stachowiak  <mjs at apple.com>
diff --git a/JavaScriptCore/kjs/array_object.cpp b/JavaScriptCore/kjs/array_object.cpp
index 91fd648..42fcbfa 100644
--- a/JavaScriptCore/kjs/array_object.cpp
+++ b/JavaScriptCore/kjs/array_object.cpp
@@ -70,14 +70,28 @@ ArrayInstanceImp::~ArrayInstanceImp()
   free(storage);
 }
 
+// Rule from ECMA 15.2 about what an array index is.
+// Must exactly match string form of an unsigned integer, and be less than 2^32 - 1.
+
+const unsigned maxUInt32 = 0xFFFFFFFFU;
+const unsigned notArrayIndex = maxUInt32;
+
+unsigned getArrayIndex(const Identifier &propertyName)
+{
+  bool ok;
+  unsigned index = propertyName.toStrictUInt32(&ok);
+  if (!ok || index >= maxUInt32)
+    return notArrayIndex;
+  return index;
+}
+
 Value ArrayInstanceImp::get(ExecState *exec, const Identifier &propertyName) const
 {
   if (propertyName == lengthPropertyName)
     return Number(length);
 
-  bool ok;
-  unsigned index = propertyName.toULong(&ok);
-  if (ok) {
+  unsigned index = getArrayIndex(propertyName);
+  if (index != notArrayIndex) {
     if (index >= length)
       return Undefined();
     if (index < storageLength) {
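Review bot: The header comment on the new block cites ECMA 15.2, but the array-index rule it implements (a property name is an array index when it is the canonical string form of an unsigned integer other than 2^32-1) is the one in ECMA-262 section 15.4, Array Objects; suggest `// Rule from ECMA 15.4 about what an array index is.`. getArrayIndex is also introduced with external linkage although every use in this commit is inside array_object.cpp; `static unsigned getArrayIndex(const Identifier &propertyName)` keeps it from colliding with a same-named symbol in another translation unit. ArrayInstanceImp::get continues past the end of the hunk.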
@@ -109,9 +123,8 @@ void ArrayInstanceImp::put(ExecState *exec, const Identifier &propertyName, cons
     return;
   }
   
-  bool ok;
-  unsigned index = propertyName.toULong(&ok);
-  if (ok) {
+  unsigned index = getArrayIndex(propertyName);
+  if (index != notArrayIndex) {
     put(exec, index, value, attr);
     return;
   }
@@ -143,9 +156,8 @@ bool ArrayInstanceImp::hasProperty(ExecState *exec, const Identifier &propertyNa
   if (propertyName == lengthPropertyName)
     return true;
   
-  bool ok;
-  unsigned index = propertyName.toULong(&ok);
-  if (ok) {
+  unsigned index = getArrayIndex(propertyName);
+  if (index != notArrayIndex) {
     if (index >= length)
       return false;
     if (index < storageLength) {
@@ -252,8 +264,8 @@ void ArrayInstanceImp::setLength(unsigned newLength, ExecState *exec)
     ReferenceListIterator it = sparseProperties.begin();
     while (it != sparseProperties.end()) {
       Reference ref = it++;
-      bool ok;
-      if (ref.getPropertyName(exec).toULong(&ok) > newLength) {
+      unsigned index = getArrayIndex(ref.getPropertyName(exec));
+      if (index != notArrayIndex && index > newLength) {
 	ref.deleteValue(exec);
       }
     }
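Review bot: The rewritten condition keeps the pre-existing `index > newLength`, so a sparse property whose index equals newLength survives the truncation even though it lies at or beyond the new length; if the intent is the usual length-set semantics (delete every index >= new length), the line should read `if (index != notArrayIndex && index >= newLength) {`. If the equal case is handled before this loop, a one-line comment saying so would stop the next reader from asking the same question. ArrayInstanceImp::setLength starts outside the hunk, so I cannot see how newLength was adjusted before this point.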
diff --git a/JavaScriptCore/kjs/identifier.h b/JavaScriptCore/kjs/identifier.h
index 634787c..92f7698 100644
--- a/JavaScriptCore/kjs/identifier.h
+++ b/JavaScriptCore/kjs/identifier.h
@@ -50,8 +50,8 @@ namespace KJS {
         bool isNull() const { return _ustring.isNull(); }
         bool isEmpty() const { return _ustring.isEmpty(); }
         
-        unsigned long toULong(bool *ok) const { return _ustring.toULong(ok); }
         uint32_t toUInt32(bool *ok) const { return _ustring.toUInt32(ok); }
+        uint32_t toStrictUInt32(bool *ok) const { return _ustring.toStrictUInt32(ok); }
         double toDouble() const { return _ustring.toDouble(); }
         
         static const Identifier &null();
diff --git a/JavaScriptCore/kjs/ustring.cpp b/JavaScriptCore/kjs/ustring.cpp
index c0ffb36..1e788fb 100644
--- a/JavaScriptCore/kjs/ustring.cpp
+++ b/JavaScriptCore/kjs/ustring.cpp
@@ -658,6 +658,54 @@ uint32_t UString::toUInt32(bool *ok) const
   return static_cast<uint32_t>(d);
 }
 
+uint32_t UString::toStrictUInt32(bool *ok) const
+{
+  if (ok)
+    *ok = false;
+
+  // Empty string is not OK.
+  int len = rep->len;
+  if (len == 0)
+    return 0;
+  const UChar *p = rep->dat;
+  unsigned short c = p->unicode();
+
+  // If the first digit is 0, only 0 itself is OK.
+  if (c == '0') {
+    if (len == 1 && ok)
+      *ok = true;
+    return 0;
+  }
+  
+  // Convert to UInt32, checking for overflow.
+  uint32_t i = 0;
+  while (1) {
+    // Process character, turning it into a digit.
+    if (c < '0' || c > '9')
+      return 0;
+    const unsigned d = c - '0';
+    
+    // Check for overflow.
+    const unsigned maxProduct = 0xFFFFFFFFU - d;
+    if (i > maxProduct / 10)
+      return 0;
+    
+    // Add in another digit.
+    i *= 10;
+    i += d;
+    
+    // Handle end of string.
+    if (--len == 0) {
+      if (ok)
+        *ok = true;
+      return i;
+    }
+    
+    // Get next character.
+    c = (++p)->unicode();
+  }
+}
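Review bot: UString::toStrictUInt32 has no header comment stating what "strict" means, and that rule is the whole reason the function exists. Suggest above the definition: `// Parses the string as a uint32_t only if it is the exact canonical decimal form of the value: no sign, no whitespace, no leading zeros ("0" itself is allowed) and no value above 0xFFFFFFFF. Sets *ok accordingly; returns 0 when the string is rejected.`. The overflow guard `if (i > maxProduct / 10)` is correct as written, since with maxProduct = 0xFFFFFFFFU - d it guarantees i * 10 + d cannot exceed 0xFFFFFFFF, and a short comment saying why the division form is used would spare a reader from re-deriving it. Note that 4294967295 itself is accepted here and is only rejected by the caller's notArrayIndex check; that split of responsibility is worth a sentence in the comment.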
+
 int UString::find(const UString &f, int pos) const
 {
   int sz = size();
diff --git a/JavaScriptCore/kjs/ustring.h b/JavaScriptCore/kjs/ustring.h
index c52d18d..6d97cb1 100644
--- a/JavaScriptCore/kjs/ustring.h
+++ b/JavaScriptCore/kjs/ustring.h
@@ -169,7 +169,7 @@ namespace KJS {
    */
   class CString {
   public:
-    CString() : data(0L) { }
+    CString() : data(0) { }
     CString(const char *c);
     CString(const CString &);
 
@@ -381,9 +381,10 @@ namespace KJS {
      * Attempts an conversion to an unsigned long integer. ok will be set
      * according to the success.
      */
-    unsigned long toULong(bool *ok = 0L) const;
+    unsigned long toULong(bool *ok = 0) const;
 
-    uint32_t toUInt32(bool *ok = 0L) const;
+    uint32_t toUInt32(bool *ok = 0) const;
+    uint32_t toStrictUInt32(bool *ok = 0) const;
 
     /**
      * @return Position of first occurrence of f starting at position pos.
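Review bot: The new toStrictUInt32 declaration sits under a doc comment that describes only toULong, so the header gives no hint of how it differs from the adjacent toUInt32; suggest a comment on the new line such as `/** Like toUInt32, but succeeds only when the string is the canonical decimal spelling of the value (no sign, whitespace or leading zeros). */`. Both functions default ok to 0, so a caller that omits the pointer cannot distinguish a rejected string from a genuine zero; that is worth stating in the same comment.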
