LiteralParser has a bunch of uses of String::format with untrusted data
authordarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 15 Dec 2018 07:42:38 +0000 (07:42 +0000)
committerdarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 15 Dec 2018 07:42:38 +0000 (07:42 +0000)
commit64224fe64af16ac1a35430ed006cbbbb5870db57
tree1dcf55313179a45c62f7fbb0fab8aad4c9901308
parentcdcd4d57628d624a2d110c4a0cfd8c43fe209021
LiteralParser has a bunch of uses of String::format with untrusted data
https://bugs.webkit.org/show_bug.cgi?id=108883
rdar://problem/13666409

Reviewed by Mark Lam.

* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::Lexer::lex): Use makeString instead of String::format.
(JSC::LiteralParser<CharType>::Lexer::lexStringSlow): Ditto.
(JSC::LiteralParser<CharType>::parse): Ditto.

* runtime/LiteralParser.h:
(JSC::LiteralParser::getErrorMessage): Use string concatenation instead of
String::format.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239248 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/LiteralParser.cpp
Source/JavaScriptCore/runtime/LiteralParser.h