diff options
| author | Frederik Gladhorn <frederik.gladhorn@theqtcompany.com> | 2014-10-14 14:08:44 +0200 |
|---|---|---|
| committer | Frederik Gladhorn <frederik.gladhorn@theqtcompany.com> | 2014-10-14 14:08:44 +0200 |
| commit | 5a45e3b78724563f05d62569d8ed31adc4ffd342 (patch) | |
| tree | e4da5c78062384641b6d23e6b74c038664d82417 /Source/JavaScriptCore/runtime/JSString.h | |
| parent | 0b6f959022700ecf9374bdbb13772242d3f7e617 (diff) | |
| parent | 946088cf515ec30de586392ec72e4658b86650a4 (diff) | |
| download | qtwebkit-5a45e3b78724563f05d62569d8ed31adc4ffd342.tar.gz | |
Merge remote-tracking branch 'origin/5.3' into 5.4
Change-Id: I509f0440296df39aece8133382aacc43a4e05f99
Diffstat (limited to 'Source/JavaScriptCore/runtime/JSString.h')
| -rw-r--r-- | Source/JavaScriptCore/runtime/JSString.h | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/Source/JavaScriptCore/runtime/JSString.h b/Source/JavaScriptCore/runtime/JSString.h index 855de974d..fc383b2f4 100644 --- a/Source/JavaScriptCore/runtime/JSString.h +++ b/Source/JavaScriptCore/runtime/JSString.h @@ -1,7 +1,7 @@ /* * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) * Copyright (C) 2001 Peter Kelly (pmk@post.com) - * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. + * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2014 Apple Inc. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public @@ -121,7 +121,8 @@ public: static JSString* create(VM& vm, PassRefPtr<StringImpl> value) { ASSERT(value); - size_t length = value->length(); + int32_t length = value->length(); + RELEASE_ASSERT(length >= 0); size_t cost = value->cost(); JSString* newString = new (NotNull, allocateCell<JSString>(vm.heap)) JSString(vm, value); newString->finishCreation(vm, length, cost); @@ -226,15 +227,21 @@ class JSRopeString : public JSString { { } - void append(JSString* jsString) + bool append(JSString* jsString) { if (m_index == JSRopeString::s_maxInternalRopeLength) expand(); + if (static_cast<int32_t>(m_jsString->length() + jsString->length()) < 0) { + m_jsString = 0; + return false; + } m_jsString->append(m_vm, m_index++, jsString); + return true; } JSRopeString* release() { + RELEASE_ASSERT(m_jsString); JSRopeString* tmp = m_jsString; m_jsString = 0; return tmp; @@ -284,6 +291,7 @@ private: { m_fibers[index].set(vm, this, jsString); m_length += jsString->m_length; + RELEASE_ASSERT(static_cast<int32_t>(m_length) >= 0); setIs8Bit(is8Bit() && jsString->is8Bit()); } |