
Unified Diff: src/uri.js

Issue 286203010: Harden builtins BuildResultFromMatchInfo and URIDecodeOctets (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: address comments Created 6 years, 7 months ago
Index: src/uri.js
diff --git a/src/uri.js b/src/uri.js
index 3cc1fe4755816ba93293ed241d5e5d90e217ec90..fb9742fa873d30ebccc7dae2560bdb89cc434ef8 100644
--- a/src/uri.js
+++ b/src/uri.js
@@ -84,6 +84,7 @@ function URIHexCharsToCharCode(highChar, lowChar) {
function URIDecodeOctets(octets, result, index) {
+ if (!IS_STRING(result)) throw new $URIError("Internal error");
var value;
var o0 = octets[0];
if (o0 < 0x80) {
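Review bot: `IS_STRING(result)` on the added first line only establishes that `result` is a string, while the writes later in this function go through `%_TwoByteSeqStringSetChar`, whose name implies a sequential two-byte string. If that intrinsic does not verify the representation itself (not visible from this hunk), a one-byte or non-sequential string would still pass this guard. At minimum I would add a comment above the check, such as `// Caller must pass a freshly allocated sequential two-byte string; IS_STRING does not verify the representation.`, and tighten the check if a representation test is available to builtins. The function body continues outside the hunk.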
@@ -148,9 +149,15 @@ function URIDecodeOctets(octets, result, index) {
throw new $URIError("URI malformed");
}
if (value < 0x10000) {
+ if (index < 0 || index >= result.length) {
+ throw new $URIError("Internal error");
+ }
%_TwoByteSeqStringSetChar(result, index++, value);
return index;
} else {
+ if (index < 0 || index >= result.length - 1) {
+ throw new $URIError("Internal error");
+ }
%_TwoByteSeqStringSetChar(result, index++, (value >> 10) + 0xd7c0);
%_TwoByteSeqStringSetChar(result, index++, (value & 0x3ff) + 0xdc00);
return index;
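Review bot: The two added bounds checks do not reject an `index` that is NaN or otherwise non-numeric, because `index < 0` and `index >= result.length` are both false for NaN and the value then reaches `%_TwoByteSeqStringSetChar`. Writing the guards positively closes that gap: `if (!(index >= 0 && index < result.length)) throw new $URIError("Internal error");` in the first branch and `index < result.length - 1` in the surrogate-pair branch. Whether a fractional index also needs rejecting depends on how the intrinsic converts its argument, which is not visible here. The function starts before this hunk and continues after it.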