Bug 38083

Summary: REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
Product: WebKit Reporter: Darin Adler <darin>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, yuzo
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch
none
Patch mitz: review+

Darin Adler
Reported 2010-04-24 14:18:54 PDT
REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
Attachments
Patch (10.36 KB, patch)
2010-04-24 14:29 PDT, Darin Adler 		no flags
DetailsFormatted DiffDiff
Patch (22.25 KB, patch)
2010-04-24 15:03 PDT, Darin Adler 		mitz: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Darin Adler
Comment 1 2010-04-24 14:29:36 PDT
Created attachment 54223 [details] Patch
Darin Adler
Comment 2 2010-04-24 15:03:15 PDT
Created attachment 54225 [details] Patch
mitz
Comment 3 2010-04-24 15:06:37 PDT
Comment on attachment 54225 [details] Patch > + (JSC::UString::toDouble): Added FIXME comments about two problem I Typo: “two problem” r=me
Darin Adler
Comment 4 2010-04-24 22:01:02 PDT
Committed r58224: <http://trac.webkit.org/changeset/58224>
Alexey Proskuryakov
Comment 5 2010-04-25 01:55:16 PDT
A semi-related question: are there other instances of unchecked UTF8String() calls that can cause trouble?
Darin Adler
Comment 6 2010-04-25 21:52:08 PDT
(In reply to comment #5) > A semi-related question: are there other instances of unchecked UTF8String() > calls that can cause trouble? That’s a good question. I did not audit all the other UTF8String function calls.
Yuzo Fujishima
Comment 7 2010-04-25 23:49:42 PDT
Committed r58235: <http://trac.webkit.org/changeset/58235>
Note You need to log in before you can comment on or make changes to this bug.