Bug 378789: js_PutEscapedString can not deal with strings with \0
Status: VERIFIED FIXED (Closed)
Opened 17 years ago, closed 17 years ago
Categories: Core :: JavaScript Engine, defect
People: Reporter: igor, Assigned: igor
Keywords: regression
Attachments: 1 file (deleted), patch, brendan: review+
DEBUG-only js_PutEscapedStringImpl in jsstr.c added in patch from bug 366725 can not cope with strings containing '\0'. This is trivially visible through dumpHeap call in js shell:
js> dumpHeap(null, [ "a\0b" ], null, 1);
0x8880c18 atom length via id
0x88851a0 Array 88851c0 via __proto__
0x8884c40 BackstagePass 88b9798 via __parent__
Assertion failure: ' ' <= u && u < 127, at /home/igor/m/trunk/mozilla/js/src/jsstr.c:4938
Comment 1 (Assignee) • 17 years ago
When I wrote js_PutEscapedStringImpl I forgot that strchr(str, 0) returns a pointer to \0, not null. Thus for \0 embedded in JSString the code accesses one past the last character of js_EscapeMap. The patch fixes that with the explicit check for \0.
Attachment #262799 - Flags: review?(brendan)
Updated • 17 years ago
Attachment #262799 - Flags: review?(brendan) → review+
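The strchr behaviour described in comment 1, as an added example that is not part of the bug thread or the Mozilla patch. The table contents and the names escape_map, unchecked_read_index, escape_letter and put_escaped are assumptions made for illustration; the block goes slightly beyond the comment by escaping a whole length-counted string with the explicit check for 0 in place.

```c
#include <stdio.h>
#include <string.h>
/* Constructed table (not the engine's js_EscapeMap): {raw char, letter} pairs. */
static const char escape_map[] = "\bb\ff\nn\rr\tt\vv\"\"\\\\";

/* Index an unchecked lookup would read (computed, never dereferenced). */
static long unchecked_read_index(int c)
{
    const char *p = strchr(escape_map, c);
    return p ? (long)(p - escape_map) + 1 : -1;
}

/* Escape letter for c, or 0. Plain printables are skipped so table letters
 * cannot match as keys; 0 is rejected since strchr(s, 0) finds the terminator. */
static char escape_letter(unsigned c)
{
    if (c == 0 || c > 127 || (c >= ' ' && c < 127 && c != '"' && c != '\\'))
        return 0;
    const char *p = strchr(escape_map, (int)c);
    return p ? p[1] : 0;
}

/* Escape length-counted s[0..len) into out; returns length or -1 if too small. */
static int put_escaped(char *out, size_t cap, const unsigned char *s, size_t len)
{
    size_t n = 0, i;
    if (cap == 0) return -1;
    for (i = 0; i < len; i++) {
        char tmp[12];
        unsigned c = s[i];
        char e = escape_letter(c);
        int w = e ? snprintf(tmp, sizeof tmp, "\\%c", e)
              : (c >= ' ' && c < 127) ? snprintf(tmp, sizeof tmp, "%c", (int)c)
              : snprintf(tmp, sizeof tmp, "\\x%02X", c);
        if (n + (size_t)w >= cap) return -1;
        memcpy(out + n, tmp, (size_t)w);
        n += (size_t)w;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[32];  /* constructed input below: the report's "a\0b" */
    if (put_escaped(buf, sizeof buf, (const unsigned char *)"a\0b", 3) >= 0)
        printf("%s (unchecked index %ld)\n", buf, unchecked_read_index(0));
    return 0;
}
```

For the value 0 the unchecked index equals sizeof escape_map, which is the out-of-bounds read the explicit check prevents.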
Comment 2 (Assignee) • 17 years ago
I committed the patch from comment 1 to the trunk:
Checking in jsstr.c;
/cvsroot/mozilla/js/src/jsstr.c,v <-- jsstr.c
new revision: 3.142; previous revision: 3.141
done
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment 3 • 17 years ago
/cvsroot/mozilla/js/tests/js1_8/extensions/regress-378789.js,v <-- regress-378789.js
initial revision: 1.1
Flags: in-testsuite+
Comment 4 • 17 years ago
verified fixed 1.9.0 2007-05-07 windows/linux/mac* shell
Status: RESOLVED → VERIFIED