Google Git
Sign in
webkit / WebKit / 581437ae369f411372c18991fb7ac876219d304d
commit581437ae369f411372c18991fb7ac876219d304d[log] [tgz]
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Sep 22 23:41:56 2016 +0000
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Sep 22 23:41:56 2016 +0000
tree147f460d4f1522ae34327794b0069beb2752bce3
parent29ef06f334e256ed039dc12538ecd60836065d16 [diff]
Array.prototype.join should do overflow checks on string joins.
https://bugs.webkit.org/show_bug.cgi?id=162459

Reviewed by Saam Barati.

JSTests:

* stress/array-join-on-strings-need-overflow-checks.js: Added.
(assert):
(catch):

Source/JavaScriptCore:

Change the 2 JSRopeString::create() functions that do joins to be private, and
force all clients of it to go through the jsString() utility functions that do
overflow checks before creating the ropes.

* dfg/DFGOperations.cpp:
* runtime/ArrayPrototype.cpp:
(JSC::slowJoin):
* runtime/JSString.h:
* runtime/Operations.h:
(JSC::jsString):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@206281 268f45cc-cd09-0410-ab3c-d52691b4dbfc
7 files changed
tree: 147f460d4f1522ae34327794b0069beb2752bce3
  1. Examples/
  2. JSTests/
  3. LayoutTests/
  4. ManualTests/
  5. PerformanceTests/
  6. Source/
  7. Tools/
  8. WebKit.xcworkspace/
  9. WebKitLibraries/
  10. Websites/
  11. .dir-locals.el
  12. .gitattributes
  13. .gitignore
  14. ChangeLog
  15. ChangeLog-2012-05-22
  16. CMakeLists.txt
  17. Makefile
  18. Makefile.shared