appendQuotedJSONString stops on arithmetic overflow instead of propagating it upwards
authorrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Mar 2018 09:36:44 +0000 (09:36 +0000)
committerrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Mar 2018 09:36:44 +0000 (09:36 +0000)
commit6f8967530f2e725f5592a095c5ad149d45e54bda
tree8d8ca14780c192c03d2c4b9b033c4bcaf25d9189
parent21bc05981dbe23a4026ba39244729ca72e1071cb
appendQuotedJSONString stops on arithmetic overflow instead of propagating it upwards
https://bugs.webkit.org/show_bug.cgi?id=183894

Reviewed by Saam Barati.

JSTests:

* stress/json-stringified-overflow.js: Added.
(catch):

Source/JavaScriptCore:

Use the return value of appendQuotedJSONString to fail more gracefully when given a string that is too large to handle.

* runtime/JSONObject.cpp:
(JSC::Stringifier::appendStringifiedValue):

Source/WTF:

appendQuotedJSONString now returns a bool indicating whether it succeeded, instead of silently failing when given a string too large
to fit in 4GB.

* wtf/text/StringBuilder.h:
* wtf/text/StringBuilderJSON.cpp:
(WTF::StringBuilder::appendQuotedJSONString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230026 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/json-stringified-overflow.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSONObject.cpp
Source/WTF/ChangeLog
Source/WTF/wtf/text/StringBuilder.h
Source/WTF/wtf/text/StringBuilderJSON.cpp