Bug 735313 - StringBuffer still needs length validation. r=luke

Jeff Walden 2012-03-14 15:29:29 -07:00
parent 8c880a51ed
commit 6782e94444
18 changed files with 48 additions and 127 deletions


@ -40,12 +40,13 @@
#include "jscntxt.h"
#include "vm/StringBuffer.h"
#include "builtin/RegExp.h"
#include "vm/MethodGuard-inl.h"
#include "vm/RegExpObject-inl.h"
#include "vm/RegExpStatics-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace js;
using namespace js::types;


@ -6,9 +6,9 @@
#include "jsatom.h"
#include "jsobjinlines.h"
#include "vm/StringBuffer.h"
#include "vm/StringBuffer-inl.h"
#include "jsobjinlines.h"
BEGIN_TEST(testStringBuffer_finishString)
{


@ -93,6 +93,7 @@
#include "mozilla/Util.h"
#include "yarr/BumpPointerAllocator.h"
#include "vm/MethodGuard.h"
#include "vm/StringBuffer.h"
#include "jsatominlines.h"
#include "jsinferinlines.h"
@ -104,7 +105,6 @@
#include "vm/RegExpStatics-inl.h"
#include "vm/Stack-inl.h"
#include "vm/String-inl.h"
#include "vm/StringBuffer-inl.h"
#if ENABLE_YARR_JIT
#include "assembler/jit/ExecutableAllocator.h"


@ -127,7 +127,7 @@
#include "vm/ArgumentsObject.h"
#include "vm/MethodGuard.h"
#include "vm/StringBuffer-inl.h"
#include "vm/StringBuffer.h"
#include "ds/Sort.h"


@ -54,13 +54,13 @@
#include "jsstr.h"
#include "vm/GlobalObject.h"
#include "vm/StringBuffer.h"
#include "jsinferinlines.h"
#include "jsobjinlines.h"
#include "vm/BooleanObject-inl.h"
#include "vm/MethodGuard-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace js;
using namespace js::types;


@ -74,13 +74,13 @@
#include "jslibmath.h"
#include "vm/GlobalObject.h"
#include "vm/StringBuffer.h"
#include "jsinferinlines.h"
#include "jsobjinlines.h"
#include "vm/MethodGuard-inl.h"
#include "vm/Stack-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace mozilla;
using namespace js;


@ -65,13 +65,13 @@
#include "jswrapper.h"
#include "vm/GlobalObject.h"
#include "vm/StringBuffer.h"
#include "jsinferinlines.h"
#include "jsobjinlines.h"
#include "vm/Stack-inl.h"
#include "vm/String-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace mozilla;
using namespace js;


@ -73,6 +73,7 @@
#include "vm/GlobalObject.h"
#include "vm/MethodGuard.h"
#include "vm/StringBuffer.h"
#include "jsatominlines.h"
#include "jsinferinlines.h"
@ -82,7 +83,6 @@
#include "vm/MethodGuard-inl.h"
#include "vm/NumberObject-inl.h"
#include "vm/String-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace js;
using namespace js::types;


@ -81,6 +81,7 @@
#include "frontend/BytecodeCompiler.h"
#include "frontend/BytecodeEmitter.h"
#include "frontend/Parser.h"
#include "vm/StringBuffer.h"
#include "js/MemoryMetrics.h"
#include "jsarrayinlines.h"
@ -91,7 +92,6 @@
#include "jsscriptinlines.h"
#include "vm/MethodGuard-inl.h"
#include "vm/StringBuffer-inl.h"
#if JS_HAS_XML_SUPPORT
#include "jsxml.h"


@ -59,6 +59,7 @@
#include "jsxml.h"
#include "frontend/TokenStream.h"
#include "vm/StringBuffer.h"
#include "jsatominlines.h"
#include "jsboolinlines.h"
@ -66,7 +67,6 @@
#include "jsobjinlines.h"
#include "vm/Stack-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace js;
using namespace js::gc;


@ -42,9 +42,9 @@
#include "jsnum.h"
#include "jsonparser.h"
#include "jsobjinlines.h"
#include "vm/StringBuffer.h"
#include "vm/StringBuffer-inl.h"
#include "jsobjinlines.h"
using namespace js;


@ -73,6 +73,7 @@
#include "frontend/BytecodeEmitter.h"
#include "frontend/TokenStream.h"
#include "vm/Debugger.h"
#include "vm/StringBuffer.h"
#include "jscntxtinlines.h"
#include "jsobjinlines.h"
@ -81,7 +82,6 @@
#include "jsautooplen.h"
#include "vm/RegExpObject-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace mozilla;
using namespace js;


@ -76,6 +76,7 @@
#include "builtin/RegExp.h"
#include "vm/GlobalObject.h"
#include "vm/RegExpObject.h"
#include "vm/StringBuffer.h"
#include "jsinferinlines.h"
#include "jsobjinlines.h"
@ -87,7 +88,6 @@
#include "vm/RegExpStatics-inl.h"
#include "vm/StringObject-inl.h"
#include "vm/String-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace js;
using namespace js::gc;


@ -71,6 +71,7 @@
#include "frontend/TokenStream.h"
#include "vm/GlobalObject.h"
#include "vm/MethodGuard.h"
#include "vm/StringBuffer.h"
#include "jsatominlines.h"
#include "jsinferinlines.h"
@ -78,7 +79,6 @@
#include "vm/Stack-inl.h"
#include "vm/String-inl.h"
#include "vm/StringBuffer-inl.h"
#ifdef DEBUG
#include <string.h> /* for #ifdef DEBUG memset calls */


@ -39,14 +39,14 @@
* ***** END LICENSE BLOCK ***** */
#include "frontend/TokenStream.h"
#include "vm/RegExpStatics.h"
#include "vm/MatchPairs.h"
#include "vm/RegExpStatics.h"
#include "vm/StringBuffer.h"
#include "jsobjinlines.h"
#include "vm/RegExpObject-inl.h"
#include "vm/RegExpStatics-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace js;
using js::detail::RegExpCode;


@ -1,92 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef StringBuffer_inl_h___
#define StringBuffer_inl_h___
#include "vm/StringBuffer.h"
#include "vm/String-inl.h"
namespace js {
inline bool
StringBuffer::checkLength(size_t length)
{
return JSString::validateLength(context(), length);
}
inline bool
StringBuffer::reserve(size_t len)
{
if (!checkLength(len))
return false;
return cb.reserve(len);
}
inline bool
StringBuffer::resize(size_t len)
{
if (!checkLength(len))
return false;
return cb.resize(len);
}
inline bool
StringBuffer::append(const jschar c)
{
if (!checkLength(cb.length() + 1))
return false;
return cb.append(c);
}
inline bool
StringBuffer::append(const jschar *chars, size_t len)
{
if (!checkLength(cb.length() + len))
return false;
return cb.append(chars, len);
}
inline bool
StringBuffer::append(const jschar *begin, const jschar *end)
{
if (!checkLength(cb.length() + (end - begin)))
return false;
return cb.append(begin, end);
}
inline bool
StringBuffer::appendN(const jschar c, size_t n)
{
if (!checkLength(cb.length() + n))
return false;
return cb.appendN(c, n);
}
/* ES5 9.8 ToString, appending the result to the string buffer. */
extern bool
ValueToStringBufferSlow(JSContext *cx, const Value &v, StringBuffer &sb);
inline bool
ValueToStringBuffer(JSContext *cx, const Value &v, StringBuffer &sb)
{
if (v.isString())
return sb.append(v.toString());
return ValueToStringBufferSlow(cx, v, sb);
}
/* ES5 9.8 ToString for booleans, appending the result to the string buffer. */
inline bool
BooleanToStringBuffer(JSContext *cx, bool b, StringBuffer &sb)
{
return b ? sb.append("true") : sb.append("false");
}
} /* namespace js */
#endif /* StringBuffer_inl_h__ */


@ -9,7 +9,6 @@
#include "jsobjinlines.h"
#include "vm/String-inl.h"
#include "vm/StringBuffer-inl.h"
using namespace js;
@ -47,7 +46,8 @@ StringBuffer::finishString()
return cx->runtime->atomState.emptyAtom;
size_t length = cb.length();
JS_ASSERT(checkLength(length));
if (!JSString::validateLength(cx, length))
return NULL;
JS_STATIC_ASSERT(JSShortString::MAX_SHORT_LENGTH < CharBuffer::InlineLength);
if (JSShortString::lengthFits(length))
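Review bot: The `JSString::validateLength(cx, length)` check in `StringBuffer::finishString()` is the only length validation visible on the new side, now that the per-append `checkLength` calls are gone, so every other path that turns the buffer into a string needs the same check. The header still declares `extractWellSized()`, and its body and any other finishers lie outside this hunk, so this should be confirmed rather than assumed. A comment above the new check would record the intent, for example `/* Appends no longer validate; over-long buffers are rejected here. */`. It is also worth confirming that `validateLength` reports the failure on `cx` before the `return NULL`, since that is presumably what callers expect from a null result.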


@ -34,7 +34,6 @@ class StringBuffer
CharBuffer cb;
inline bool checkLength(size_t length);
JSContext *context() const { return cb.allocPolicy().context(); }
jschar *extractWellSized();
@ -44,14 +43,14 @@ class StringBuffer
public:
explicit StringBuffer(JSContext *cx) : cb(cx) { }
inline bool reserve(size_t len);
inline bool resize(size_t len);
inline bool append(const jschar c);
inline bool append(const jschar *chars, size_t len);
inline bool append(const jschar *begin, const jschar *end);
inline bool reserve(size_t len) { return cb.reserve(len); }
inline bool resize(size_t len) { return cb.resize(len); }
inline bool append(const jschar c) { return cb.append(c); }
inline bool append(const jschar *chars, size_t len) { return cb.append(chars, len); }
inline bool append(const jschar *begin, const jschar *end) { return cb.append(begin, end); }
inline bool append(JSString *str);
inline bool append(JSLinearString *str);
inline bool appendN(const jschar c, size_t n);
inline bool appendN(const jschar c, size_t n) { return cb.appendN(c, n); }
inline bool appendInflated(const char *cstr, size_t len);
template <size_t ArrayLength>
@ -78,7 +77,7 @@ class StringBuffer
const jschar *begin() const { return cb.begin(); }
const jschar *end() const { return cb.end(); }
bool empty() const { return cb.empty(); }
inline size_t length() const;
size_t length() const { return cb.length(); }
/*
* Creates a string from the characters in this buffer, then (regardless
@ -106,13 +105,6 @@ StringBuffer::append(JSString *str)
return append(linear);
}
inline size_t
StringBuffer::length() const
{
JS_ASSERT(cb.length() <= JSString::MAX_LENGTH);
return cb.length();
}
inline bool
StringBuffer::appendInflated(const char *cstr, size_t cstrlen)
{
@ -126,6 +118,26 @@ StringBuffer::appendInflated(const char *cstr, size_t cstrlen)
return true;
}
/* ES5 9.8 ToString, appending the result to the string buffer. */
extern bool
ValueToStringBufferSlow(JSContext *cx, const Value &v, StringBuffer &sb);
inline bool
ValueToStringBuffer(JSContext *cx, const Value &v, StringBuffer &sb)
{
if (v.isString())
return sb.append(v.toString());
return ValueToStringBufferSlow(cx, v, sb);
}
/* ES5 9.8 ToString for booleans, appending the result to the string buffer. */
inline bool
BooleanToStringBuffer(JSContext *cx, bool b, StringBuffer &sb)
{
return b ? sb.append("true") : sb.append("false");
}
} /* namespace js */
#endif /* StringBuffer_h___ */
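Review bot: The class no longer guarantees that its length stays within `JSString::MAX_LENGTH`, and nothing in the header documents that. `length()` drops its `JS_ASSERT(cb.length() <= JSString::MAX_LENGTH)`, and `reserve`, `resize`, `append` and `appendN` now forward straight to `cb`, so callers that read `begin()`, `end()` or `length()` directly can no longer rely on the old bound. I would add a class-level comment such as `/* The buffer's length is not limited to JSString::MAX_LENGTH; finishString() validates it. */`. Growth before that point is bounded only by whatever `CharBuffer` and its alloc policy enforce, which is not visible here and is worth confirming for very large script-driven appends. The `inline` keyword on the new in-class definitions is redundant and could be dropped.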