Bug 38083

Summary: REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
Product: WebKit
Reporter: Darin Adler <darin>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, yuzo
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description | Flags
Patch | none
Patch | mitz: review+

Description Darin Adler 2010-04-24 14:18:54 PDT
REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
Comment 1 Darin Adler 2010-04-24 14:29:36 PDT
Created attachment 54223
Patch
Comment 2 Darin Adler 2010-04-24 15:03:15 PDT
Created attachment 54225
Patch
Comment 3 mitz 2010-04-24 15:06:37 PDT
Comment on attachment 54225
Patch

> +        (JSC::UString::toDouble): Added FIXME comments about two problem I

Typo: “two problem”

r=me
Comment 4 Darin Adler 2010-04-24 22:01:02 PDT
Committed r58224: <http://trac.webkit.org/changeset/58224>
Comment 5 Alexey Proskuryakov 2010-04-25 01:55:16 PDT
A semi-related question: are there other instances of unchecked UTF8String() calls that can cause trouble?
Comment 6 Darin Adler 2010-04-25 21:52:08 PDT
(In reply to comment #5)
> A semi-related question: are there other instances of unchecked UTF8String()
> calls that can cause trouble?

That’s a good question. I did not audit all the other UTF8String function calls.
Comment 7 Yuzo Fujishima 2010-04-25 23:49:42 PDT
Committed r58235: <http://trac.webkit.org/changeset/58235>