jvalueToJavaValue() does not correctly set the length of the String property created for JavaTypeString because the character array returned by getUCharactersFromJStringInEnv() is not null-terminated. This is due to http://trac.webkit.org/changeset/82194, which switched from using GetStringUTFChars() (via getCharactersFromJString()) to using GetStringChars() (via getUCharactersFromJStringInEnv()). GetStringUTFChars() does null-terminate the character array whereas GetStringChars() does not.
Marking as a regression per the above.
Created attachment 101291 Patch
Committed r91260: <http://trac.webkit.org/changeset/91260>
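The failure mode from the report above, as an added C illustration (not WebKit's code and not the committed patch): a constructed UTF-16 buffer stands in for what GetStringChars() returns, and the length is taken explicitly, as GetStringLength() would supply it, instead of being inferred from a terminator. The function names, the buffer contents and the bounded scan are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for JVM string storage: the code units of "abc" are
 * followed directly by unrelated data, with no terminator in between. */
static const uint16_t heap[] = { 'a', 'b', 'c', 'S', 'E', 'C', 'R', 'E', 'T', 0 };
#define HEAP_UNITS (sizeof heap / sizeof heap[0])
#define JSTRING_LENGTH 3 /* the value GetStringLength() would report */

/* Pattern that breaks on unterminated input: infer the length by scanning
 * for a NUL code unit. 'limit' bounds the scan so this demo stays in-array. */
size_t length_by_nul_scan(const uint16_t *chars, size_t limit)
{
    size_t n = 0;
    while (n < limit && chars[n] != 0)
        n++;
    return n;
}

/* Safe pattern: copy exactly 'length' units and terminate the copy.
 * Returns the units copied, or (size_t)-1 if dst cannot hold them. */
size_t copy_with_length(uint16_t *dst, size_t dst_units,
                        const uint16_t *chars, size_t length)
{
    if (dst_units == 0 || length > dst_units - 1)
        return (size_t)-1;
    memcpy(dst, chars, length * sizeof *dst);
    dst[length] = 0;
    return length;
}

int main(void)
{
    uint16_t out[8];
    printf("NUL scan length: %zu\n", length_by_nul_scan(heap, HEAP_UNITS));
    printf("explicit length: %zu\n",
           copy_with_length(out, 8, heap, JSTRING_LENGTH));
    return 0;
}
```

The scan runs past the three real code units into the adjacent data, which is how an unterminated array turns into a wrong String length and an over-read.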