Title: [239308] releases/WebKitGTK/webkit-2.22/Source/_javascript_Core
Revision
239308
Author
mcatanz...@igalia.com
Date
2018-12-17 18:03:13 -0800 (Mon, 17 Dec 2018)

Log Message

Merge r239248 - LiteralParser has a bunch of uses of String::format with untrusted data
https://bugs.webkit.org/show_bug.cgi?id=108883
rdar://problem/13666409

Reviewed by Mark Lam.

* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::Lexer::lex): Use makeString instead of String::format.
(JSC::LiteralParser<CharType>::Lexer::lexStringSlow): Ditto.
(JSC::LiteralParser<CharType>::parse): Ditto.

* runtime/LiteralParser.h:
(JSC::LiteralParser::getErrorMessage): Use string concatenation instead of
String::format.

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog (239307 => 239308)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog	2018-12-18 02:03:09 UTC (rev 239307)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog	2018-12-18 02:03:13 UTC (rev 239308)
@@ -1,3 +1,20 @@
+2018-12-14  Darin Adler  <da...@apple.com>
+
+        LiteralParser has a bunch of uses of String::format with untrusted data
+        https://bugs.webkit.org/show_bug.cgi?id=108883
+        rdar://problem/13666409
+
+        Reviewed by Mark Lam.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser<CharType>::Lexer::lex): Use makeString instead of String::format.
+        (JSC::LiteralParser<CharType>::Lexer::lexStringSlow): Ditto.
+        (JSC::LiteralParser<CharType>::parse): Ditto.
+
+        * runtime/LiteralParser.h:
+        (JSC::LiteralParser::getErrorMessage): Use string concatenation instead of
+        String::format.
+
 2018-12-13  Mark Lam  <mark....@apple.com>
 
         Add a missing exception check.

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/LiteralParser.cpp (239307 => 239308)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/LiteralParser.cpp	2018-12-18 02:03:09 UTC (rev 239307)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/LiteralParser.cpp	2018-12-18 02:03:13 UTC (rev 239308)
@@ -37,6 +37,7 @@
 #include "StrongInlines.h"
 #include <wtf/ASCIICType.h>
 #include <wtf/dtoa.h>
+#include <wtf/text/StringConcatenate.h>
 
 namespace JSC {
 
@@ -515,7 +516,7 @@
             return tokenType;
         }
     }
-    m_lexErrorMessage = String::format("Unrecognized token '%c'", *m_ptr);
+    m_lexErrorMessage = makeString("Unrecognized token '", StringView { m_ptr, 1 }, '\'');
     return TokError;
 }
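Review bot: `StringView { m_ptr, 1 }` on the new line reads the code unit at `m_ptr` exactly as the replaced `*m_ptr` did, so it is only in bounds if the part of lex() above the hunk guarantees `m_ptr < m_end` when no token matched; that check is outside the hunk and cannot be confirmed from here. A one-line comment naming the invariant, e.g. `// precondition: m_ptr < m_end (established by <earlier bounds check>)`, would make the read's precondition explicit; the same applies to the one- and five-code-unit views in the two lexStringSlow hunks below. The message also now keeps the full 16-bit code unit instead of what `%c` truncated to a `char`, so the text that reaches callers can contain non-ASCII input; that is presumably intended but worth a line in the ChangeLog. lex()'s body begins before the hunk.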
 
@@ -673,7 +674,7 @@
                     } // uNNNN == 5 characters
                     for (int i = 1; i < 5; i++) {
                         if (!isASCIIHexDigit(m_ptr[i])) {
-                            m_lexErrorMessage = String::format("\"\\%s\" is not a valid unicode escape", String(m_ptr, 5).ascii().data());
+                            m_lexErrorMessage = makeString("\"\\", StringView { m_ptr, 5 }, "\" is not a valid unicode escape");
                             return TokError;
                         }
                     }
@@ -687,7 +688,7 @@
                         m_ptr++;
                         break;
                     }
-                    m_lexErrorMessage = String::format("Invalid escape character %c", *m_ptr);
+                    m_lexErrorMessage = makeString("Invalid escape character ", StringView { m_ptr, 1 });
                     return TokError;
             }
         }
@@ -995,9 +996,9 @@
                     case TokIdentifier: {
                         typename Lexer::LiteralParserTokenPtr token = m_lexer.currentToken();
                         if (token->stringIs8Bit)
-                            m_parseErrorMessage = String::format("Unexpected identifier \"%s\"", String(token->stringToken8, token->stringLength).ascii().data());
+                            m_parseErrorMessage = makeString("Unexpected identifier \"", StringView { token->stringToken8, token->stringLength }, '"');
                         else
-                            m_parseErrorMessage = String::format("Unexpected identifier \"%s\"", String(token->stringToken16, token->stringLength).ascii().data());
+                            m_parseErrorMessage = makeString("Unexpected identifier \"", StringView { token->stringToken16, token->stringLength }, '"');
                         return JSValue();
                     }
                     case TokColon:
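Review bot: The two new assignments in the TokIdentifier case build the identical message and differ only in which pointer the view covers, so the if/else can collapse into one statement: `m_parseErrorMessage = makeString("Unexpected identifier \"", token->stringIs8Bit ? StringView { token->stringToken8, token->stringLength } : StringView { token->stringToken16, token->stringLength }, '"');`. Separately, `stringLength` comes from the untrusted input, so an arbitrarily long identifier yields an equally long error string that is retained in `m_parseErrorMessage` and later returned through getErrorMessage(); the replaced `String(...).ascii()` code had the same property, so this is not a regression, but capping the view at a fixed prefix with an ellipsis would bound the memory a failed parse holds. parse()'s body extends beyond the hunk on both sides.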

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/LiteralParser.h (239307 => 239308)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/LiteralParser.h	2018-12-18 02:03:09 UTC (rev 239307)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/LiteralParser.h	2018-12-18 02:03:13 UTC (rev 239308)
@@ -102,9 +102,9 @@
     String getErrorMessage()
     { 
         if (!m_lexer.getErrorMessage().isEmpty())
-            return String::format("JSON Parse error: %s", m_lexer.getErrorMessage().ascii().data());
+            return "JSON Parse error: " + m_lexer.getErrorMessage();
         if (!m_parseErrorMessage.isEmpty())
-            return String::format("JSON Parse error: %s", m_parseErrorMessage.ascii().data());
+            return "JSON Parse error: " + m_parseErrorMessage;
         return "JSON Parse error: Unable to parse JSON string"_s;
     }
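Review bot: The new lexer branch calls `m_lexer.getErrorMessage()` twice, once for `isEmpty()` and again to build the result; binding it once avoids the second call (and a second copy if it returns by value): `const auto& lexError = m_lexer.getErrorMessage(); if (!lexError.isEmpty()) return "JSON Parse error: " + lexError;`. It would also help to note above the function that the returned text now embeds the offending token verbatim, non-ASCII code units included, where the old `.ascii()` conversion folded them to ASCII, since callers presumably surface this string as the parse error message.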
     