Bug 1035325 - Incorrect data type in GetDeflatedUTF8StringLength. r=jandem
authorAndré Bargull <andrebargull@googlemail.com>
Tue, 08 Jul 2014 04:03:00 -0400
changeset 192841 f9a0324345c70b882600cc033f6fbf0d7d462b30
parent 192840 55017488f65527f85e44644c5fdce7b95fdc499d
child 192842 2b0123d6e00a38918721f8269b32fdb4095c42f6
push id7663
push userkwierso@gmail.com
push dateWed, 09 Jul 2014 03:08:08 +0000
reviewersjandem
bugs1035325
milestone33.0a1
Bug 1035325 - Incorrect data type in GetDeflatedUTF8StringLength. r=jandem
js/src/jit-test/tests/basic/bug1035325.js
js/src/vm/CharacterEncoding.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug1035325.js
@@ -0,0 +1,1 @@
+print("\uDBFF\uDFFF"); // don't crash/assert
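Review bot: The test exercises only the highest code point, U+10FFFF, while the length computation in GetDeflatedUTF8StringLength has other paths that feed the same allocation: the lowest paired code point U+10000, whose truncated 16-bit value would have been 0, and the unpaired/reversed surrogate branches. One line each would cover them, `print("\uD800\uDC00"); print("\uDBFF"); print("\uDFFF\uDBFF"); // don't crash/assert`. Since print only proves the absence of a crash, a run under a debug build is what actually checks the buffer-size invariant here.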
--- a/js/src/vm/CharacterEncoding.cpp
+++ b/js/src/vm/CharacterEncoding.cpp
@@ -32,35 +32,38 @@ template <typename CharT>
 static size_t
 GetDeflatedUTF8StringLength(const CharT *chars, size_t nchars)
 {
     size_t nbytes = nchars;
     for (const CharT *end = chars + nchars; chars < end; chars++) {
         jschar c = *chars;
         if (c < 0x80)
             continue;
+        uint32_t v;
         if (0xD800 <= c && c <= 0xDFFF) {
             /* nbytes sets 1 length since this is surrogate pair. */
             if (c >= 0xDC00 || (chars + 1) == end) {
                 nbytes += 2; /* Bad Surrogate */
                 continue;
             }
             jschar c2 = chars[1];
             if (c2 < 0xDC00 || c2 > 0xDFFF) {
                 nbytes += 2; /* Bad Surrogate */
                 continue;
             }
-            c = ((c - 0xD800) << 10) + (c2 - 0xDC00) + 0x10000;
+            v = ((c - 0xD800) << 10) + (c2 - 0xDC00) + 0x10000;
             nbytes--;
             chars++;
+        } else {
+            v = c;
         }
-        c >>= 11;
+        v >>= 11;
         nbytes++;
-        while (c) {
-            c >>= 5;
+        while (v) {
+            v >>= 5;
             nbytes++;
         }
     }
     return nbytes;
 }
 
 static bool
 PutUTF8ReplacementCharacter(char **dst, size_t *dstlenp) {
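Review bot: `uint32_t v;` is declared uninitialized and assigned only at the end of each branch, which is what forces the added `} else { v = c; }` arm; writing `uint32_t v = c;` before the surrogate test and overwriting it only in the valid-pair case drops the else branch and leaves no path on which `v` could be read before being set. The widening itself is the real fix: a valid pair yields a code point up to 0x10FFFF, which the 16-bit `jschar` truncated, so the shift loop under-counted the byte length that CharsToNewUTF8CharsZ later uses to size its buffer. The loop constants deserve a one-line comment, e.g. `/* 2 bytes for code points below 0x800, plus one per 5 further significant bits: 3 below 0x10000, 4 beyond. */`. The existing `/* nbytes sets 1 length since this is surrogate pair. */` is hard to parse; `/* A valid pair counts once: the nbytes-- below drops the second unit's provisional byte. */` states what the decrement does.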
@@ -152,17 +155,17 @@ JS::CharsToNewUTF8CharsZ(js::ThreadSafeC
     size_t len = GetDeflatedUTF8StringLength(str, chars.length());
 
     /* Allocate buffer. */
     char *utf8 = cx->pod_malloc<char>(len + 1);
     if (!utf8)
         return UTF8CharsZ();
 
     /* Encode to UTF8. */
-    DeflateStringToUTF8Buffer(cx, str, chars.length(), utf8, &len);
+    JS_ALWAYS_TRUE(DeflateStringToUTF8Buffer(cx, str, chars.length(), utf8, &len));
     utf8[len] = '\0';
 
     return UTF8CharsZ(utf8, len);
 }
 
 template UTF8CharsZ
 JS::CharsToNewUTF8CharsZ(js::ThreadSafeContext *cx, const mozilla::Range<const Latin1Char> chars);