From 5b1c84b22b82d166b8c76f33a5e5141aca207381 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen
Date: Tue, 7 Oct 2014 11:13:25 +0200
Subject: Fix uninitialized access

When an identifier is made from an empty string, the constructor still tries accessing the first character to populate a cache. This leads to access of uninitialized data, and wrong data in the cache. This causes no wrong behavior though except unuseful data in the cache.

Change-Id: Ice9f10b08306799b160f8b95b76bd056f29d228d
Reviewed-by: Michael Bruning
---
 Source/JavaScriptCore/parser/ParserArena.h | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'Source/JavaScriptCore/parser')

diff --git a/Source/JavaScriptCore/parser/ParserArena.h b/Source/JavaScriptCore/parser/ParserArena.h
index 45d4b158e..8d790c44c 100644
--- a/Source/JavaScriptCore/parser/ParserArena.h
+++ b/Source/JavaScriptCore/parser/ParserArena.h
@@ -71,6 +71,10 @@ namespace JSC {
     template
     ALWAYS_INLINE const Identifier& IdentifierArena::makeIdentifier(VM* vm, const T* characters, size_t length)
     {
+        if (length == 0) {
+            m_identifiers.append(Identifier(Identifier::EmptyIdentifier));
+            return m_identifiers.last();
+        }
         if (characters[0] >= MaximumCachableCharacter) {
             m_identifiers.append(Identifier(vm, characters, length));
             return m_identifiers.last();
@@ -92,6 +96,10 @@ namespace JSC {
 
     ALWAYS_INLINE const Identifier& IdentifierArena::makeIdentifierLCharFromUChar(VM* vm, const UChar* characters, size_t length)
     {
+        if (length == 0) {
+            m_identifiers.append(Identifier(Identifier::EmptyIdentifier));
+            return m_identifiers.last();
+        }
         if (characters[0] >= MaximumCachableCharacter) {
             m_identifiers.append(Identifier::createLCharFromUChar(vm, characters, length));
             return m_identifiers.last();
-- 
cgit v1.2.1
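Review bot: The new `length == 0` guard at the top of makeIdentifier says nothing about why it exists, and a later reader could fold it back into the `characters[0]` comparison and reintroduce the over-read; a comment such as `// An empty identifier has no first character to key the cache on; never read characters[0] here.` would pin it down. The read the guard prevents is an out-of-bounds access on a zero-length buffer, which is undefined behaviour and would be reported by ASan or Valgrind, so it is a real defect rather than merely "unuseful data in the cache" as the description suggests. Note that the empty identifier is appended to m_identifiers on every call instead of being cached; that is correct but presumably relies on empty identifiers being rare in the parser. makeIdentifier's body continues past the end of this hunk.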
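Review bot: The four lines added to makeIdentifierLCharFromUChar are a verbatim copy of the guard added to makeIdentifier in the previous hunk, so any later change to one (an ASSERT, or caching the empty identifier) will likely be missed in the other. A small private helper such as `const Identifier& appendEmptyIdentifier() { m_identifiers.append(Identifier(Identifier::EmptyIdentifier)); return m_identifiers.last(); }` called from both functions would keep them in step and give the empty-string case one place to document. The body of makeIdentifierLCharFromUChar continues outside this hunk, so I cannot tell whether other paths in it also assume `length > 0`.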