Closed Bug 378789 Opened 15 years ago Closed 15 years ago
_Put Escaped String can not deal with strings with \0
DEBUG-only js_PutEscapedStringImpl in jsstr.c added in patch from bug 366725 can not cope with strings containing '\0'. This is trivially visible through dumpHeap call in js shell: js> dumpHeap(null, [ "a\0b" ], null, 1); 0x8880c18 atom length via id 0x88851a0 Array 88851c0 via __proto__ 0x8884c40 BackstagePass 88b9798 via __parent__ Assertion failure: ' ' <= u && u < 127, at /home/igor/m/trunk/mozilla/js/src/jsstr.c:4938
When I wrote js_PutEscapedStringImpl I forgot that strchr(str, 0) returns a pointer to \0, not null. Thus for \0 embedded in JSString the code accesses one past the last character of js_EscapeMap. The patch fixes that with the explicit check for \0.
Attachment #262799 - Flags: review?(brendan)
Attachment #262799 - Flags: review?(brendan) → review+
I committed the patch from comment 1 to the trunk: Checking in jsstr.c; /cvsroot/mozilla/js/src/jsstr.c,v <-- jsstr.c new revision: 3.142; previous revision: 3.141 done
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
/cvsroot/mozilla/js/tests/js1_8/extensions/regress-378789.js,v <-- regress-378789.js initial revision: 1.1
verified fixed 1.9.0 2007-05-07 windows/linux/mac* shell
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.