[webkit-changes] cvs commit: WebCore/manual-tests window-open-features-parsing.html

Sat Dec 24 14:00:26 PST 2005

ggaren      05/12/24 14:00:25

  Modified:    .        ChangeLog
               khtml/ecma kjs_window.cpp
               kwq      KWQString.mm
               manual-tests window-open-features-parsing.html
  Log:
          Reviewed by eric.
  
          http://bugzilla.opendarwin.org/show_bug.cgi?id=6231
  
          - Fixed assertion failure in QString::mid caused by my last checkin.
          parseWindowFeatuers() sometimes called QString::mid() with a start
          index past the end of the string but a length of 0. There were two
          problems there. (1) parseWindowString() shouldn't have gotten past the
          end of the string. (2) QString had range truncating code that was
          borked. So I fixed both.
  
          * khtml/ecma/kjs_window.cpp:
          (KJS::parseWindowFeatures): One of the "past the end" tests was >
          instead of >=.
          * kwq/KWQString.mm:
          (QString::mid): Truncate length *before* deciding whether to return
          early. Also, compare start and data._length before computing
          data._length - start, because the error case we're trying to catch
          will almost certainly cause unsigned overflow.
          * manual-tests/window-open-features-parsing.html: Added trailing ','
          to uber-test to catch this failure, too.
  
  Revision  Changes    Path
  1.38      +24 -0     WebCore/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/WebCore/ChangeLog,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- ChangeLog	24 Dec 2005 10:02:21 -0000	1.37
  +++ ChangeLog	24 Dec 2005 22:00:24 -0000	1.38
  @@ -1,3 +1,27 @@
  +2005-12-24  Geoffrey Garen  <ggaren at apple.com>
  +
  +        Reviewed by eric.
  +
  +        http://bugzilla.opendarwin.org/show_bug.cgi?id=6231
  +
  +        - Fixed assertion failure in QString::mid caused by my last checkin. 
  +        parseWindowFeatuers() sometimes called QString::mid() with a start 
  +        index past the end of the string but a length of 0. There were two 
  +        problems there. (1) parseWindowString() shouldn't have gotten past the 
  +        end of the string. (2) QString had range truncating code that was 
  +        borked. So I fixed both.
  +
  +        * khtml/ecma/kjs_window.cpp:
  +        (KJS::parseWindowFeatures): One of the "past the end" tests was > 
  +        instead of >=.
  +        * kwq/KWQString.mm:
  +        (QString::mid): Truncate length *before* deciding whether to return 
  +        early. Also, compare start and data._length before computing 
  +        data._length - start, because the error case we're trying to catch 
  +        will almost certainly cause unsigned overflow.
  +        * manual-tests/window-open-features-parsing.html: Added trailing ',' 
  +        to uber-test to catch this failure, too.
  +
   2005-12-24  Mitz Pettel  <opendarwin.org at mitzpettel.com>
   
           Reviewed by Maciej.
  
  
  
  1.208     +1 -1      WebCore/khtml/ecma/kjs_window.cpp
  
  Index: kjs_window.cpp
  ===================================================================
  RCS file: /cvs/root/WebCore/khtml/ecma/kjs_window.cpp,v
  retrieving revision 1.207
  retrieving revision 1.208
  diff -u -r1.207 -r1.208
  --- kjs_window.cpp	23 Dec 2005 23:04:07 -0000	1.207
  +++ kjs_window.cpp	24 Dec 2005 22:00:24 -0000	1.208
  @@ -1505,7 +1505,7 @@
       while (i < length) {
           // skip to first letter or number, but don't skip past the end of the string
           while (!buffer[i].isLetterOrNumber()) {
  -            if (i > length)
  +            if (i >= length)
                   break;
               i++;
           }
  
  
  
  1.145     +9 -5      WebCore/kwq/KWQString.mm
  
  Index: KWQString.mm
  ===================================================================
  RCS file: /cvs/root/WebCore/kwq/KWQString.mm,v
  retrieving revision 1.144
  retrieving revision 1.145
  diff -u -r1.144 -r1.145
  --- KWQString.mm	23 Dec 2005 18:44:38 -0000	1.144
  +++ KWQString.mm	24 Dec 2005 22:00:25 -0000	1.145
  @@ -1860,17 +1860,21 @@
       {
           KWQStringData &data = **dataHandle;
           
  -        if (data._length == 0)
  -            return QString();
  -            
           // clip length
  -        if( len > data._length - start )
  +        if (start >= data._length)
  +            return QString();
  +        
  +        if (len > data._length - start)
               len = data._length - start;
   
  +        if (len == 0)
  +            return QString();
  +        
           if ( index == 0 && len == data._length )
               return *this;
   
  -        ASSERT( start+len<=data._length );	// range check
  +        ASSERT(start + len >= start &&       // unsigned overflow
  +               start + len <= data._length); // past the end
           
           // ascii case
           if( data._isAsciiValid && data._ascii )
  
  
  
  1.2       +1 -1      WebCore/manual-tests/window-open-features-parsing.html
  
  Index: window-open-features-parsing.html
  ===================================================================
  RCS file: /cvs/root/WebCore/manual-tests/window-open-features-parsing.html,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- window-open-features-parsing.html	23 Dec 2005 23:04:08 -0000	1.1
  +++ window-open-features-parsing.html	24 Dec 2005 22:00:25 -0000	1.2
  @@ -9,7 +9,7 @@
           - resizable: reads as yess, which is invalid, which means no
           - status: reads as "", which means yes
       */    
  -    var sFeatures = " 	,=width ==	= = 	0200|0=height  400,1width=400,left=nO toolBAR=yeS,resizable=yess,  \t\v\f\r\nstatus= "; 
  +    var sFeatures = " 	,=width ==	= = 	0200|0=height  400,1width=400,left=nO toolBAR=yeS,resizable=yess,  \t\v\f\r\nstatus= ,"; 
       var w = window.open("resources/popup200x100.html", undefined, sFeatures); 
       w.focus();
   }