Bug 38083 - REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-24 14:18 PDT by Darin Adler
Modified: 2010-04-25 23:49 PDT
CC List: 2 users

See Also:


Attachments
Patch (10.36 KB, patch)
2010-04-24 14:29 PDT, Darin Adler
no flags
Patch (22.25 KB, patch)
2010-04-24 15:03 PDT, Darin Adler
mitz: review+

Description Darin Adler 2010-04-24 14:18:54 PDT
REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
Comment 1 Darin Adler 2010-04-24 14:29:36 PDT
Created attachment 54223
Patch
Comment 2 Darin Adler 2010-04-24 15:03:15 PDT
Created attachment 54225
Patch
Comment 3 mitz 2010-04-24 15:06:37 PDT
Comment on attachment 54225
Patch

> +        (JSC::UString::toDouble): Added FIXME comments about two problem I

Typo: “two problem”

r=me
Comment 4 Darin Adler 2010-04-24 22:01:02 PDT
Committed r58224: <http://trac.webkit.org/changeset/58224>
Comment 5 Alexey Proskuryakov 2010-04-25 01:55:16 PDT
A semi-related question: are there other instances of unchecked UTF8String() calls that can cause trouble?
Comment 6 Darin Adler 2010-04-25 21:52:08 PDT
(In reply to comment #5)
> A semi-related question: are there other instances of unchecked UTF8String()
> calls that can cause trouble?

That’s a good question. I did not audit all the other UTF8String function calls.
Comment 7 Yuzo Fujishima 2010-04-25 23:49:42 PDT
Committed r58235: <http://trac.webkit.org/changeset/58235>