[Webkit-unassigned] [Bug 16127] Reproducible crash inside PCRE under guard malloc
bugzilla-daemon at webkit.org
Fri Nov 30 09:30:03 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16127
darin at apple.com changed:
What                    |Removed  |Added
----------------------------------------------------------------------------
Attachment #17604 Flag  |review?  |review+
------- Comment #8 from darin at apple.com 2007-11-30 09:30 PDT -------
(From update of attachment 17604)
This is not the correct way to write tests in fast/js -- the actual test should
be in a resources file, and the wrapper generated by the make-js-test-wrappers
script. With that structure we can possibly run them standalone in the future.
+ while ((++ptr < patternEnd) && ((c = *ptr) != ']')) {
if (c > 127)
c = getCharAndAdvanceIfSurrogate(ptr);
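Review bot: the loop condition on the "+" line can now end for two different reasons, ptr reaching patternEnd or c being ']', and the quoted lines do not show anything that tells the two exits apart. Whatever follows the loop should test ptr < patternEnd before treating the character class as closed or reading *ptr again, and report an unterminated class when the end of the pattern was hit instead.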
This still has a "run off the end" problem, because
getCharAndAdvanceIfSurrogate doesn't check the end. But that problem will go
away if we merge my change to remove support for UTF-16 surrogate pairs,
currently up for review.
I'm a little bit opposed to this code using parentheses around the patternEnd
conditions, when all the other similar code in the same file omits parens in
cases like these.
r=me, but better to improve the tests.