projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 95c5e68)
Fix overflow in WriteQuoteJsonString and SlowQuoteJsonString
authordcarney@chromium.org <dcarney@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Tue, 26 Feb 2013 11:02:39 +0000 (11:02 +0000)
committerdcarney@chromium.org <dcarney@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Tue, 26 Feb 2013 11:02:39 +0000 (11:02 +0000)
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12326120

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13730 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/runtime.cc patch | blob | history
test/mjsunit/regress/regress-latin-1.js patch | blob | history

diff --git a/src/runtime.cc b/src/runtime.cc
index 95872a1..4483f69 100644 (file)
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -5248,7 +5248,7 @@ static MaybeObject* SlowQuoteJsonString(Isolate* isolate,
   int quoted_length = kSpaceForQuotes;
   while (read_cursor < end) {
     Char c = *(read_cursor++);
-    if (sizeof(Char) > 1u && static_cast<unsigned>(c) >= kQuoteTableLength) {
+    if (static_cast<unsigned>(c) >= kQuoteTableLength) {
       quoted_length++;
     } else {
       quoted_length += JsonQuoteLengths[static_cast<unsigned>(c)];
@@ -5270,7 +5270,7 @@ static MaybeObject* SlowQuoteJsonString(Isolate* isolate,
   read_cursor = characters.start();
   while (read_cursor < end) {
     Char c = *(read_cursor++);
-    if (sizeof(Char) > 1u && static_cast<unsigned>(c) >= kQuoteTableLength) {
+    if (static_cast<unsigned>(c) >= kQuoteTableLength) {
       *(write_cursor++) = c;
     } else {
       int len = JsonQuoteLengths[static_cast<unsigned>(c)];
@@ -5298,8 +5298,7 @@ static inline SinkChar* WriteQuoteJsonString(
   *(write_cursor++) = '"';
   while (read_cursor < end) {
     SourceChar c = *(read_cursor++);
-    if (sizeof(SourceChar) > 1u &&
-        static_cast<unsigned>(c) >= kQuoteTableLength) {
+    if (static_cast<unsigned>(c) >= kQuoteTableLength) {
       *(write_cursor++) = static_cast<SinkChar>(c);
     } else {
       int len = JsonQuoteLengths[static_cast<unsigned>(c)];
diff --git a/test/mjsunit/regress/regress-latin-1.js b/test/mjsunit/regress/regress-latin-1.js
index b6cd714..a988ebd 100644 (file)
--- a/test/mjsunit/regress/regress-latin-1.js
+++ b/test/mjsunit/regress/regress-latin-1.js
@@ -76,3 +76,15 @@ assertTrue(/[\u039b-\u039d]/i.test('\u00b5'));
 assertFalse(/[^\u039b-\u039d]/i.test('\u00b5'));
 assertFalse(/[\u039b-\u039d]/.test('\u00b5'));
 assertTrue(/[^\u039b-\u039d]/.test('\u00b5'));
+
+// Check a regression in QuoteJsonSlow and WriteQuoteJsonString
+for (var testNumber = 0; testNumber < 2; testNumber++) {
+  var testString = "\xdc";
+  var loopLength = testNumber == 0 ? 0 : 20;
+  for (var i = 0; i < loopLength; i++ ) {
+    testString += testString;
+  }
+  var stringified = JSON.stringify({"test" : testString}, null, 0);
+  var stringifiedExpected = '{"test":"' + testString + '"}';
+  assertEquals(stringifiedExpected, stringified);
+}
Domain: Web Framework / Web Engine;