2007-07-12 Mark Rowe <mrowe@apple.com>
authorbdash <bdash@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Jul 2007 07:21:00 +0000 (07:21 +0000)
committerbdash <bdash@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Jul 2007 07:21:00 +0000 (07:21 +0000)
commit0b86c9dad7ffb6dd215ce7ae61e50e650ba11a81
treea72a38f6663752561ee9c31f142afb586e81b1d8
parentc71a9e6955b88f222e066a24b8f2546d6b0b01a8
2007-07-12  Mark Rowe  <mrowe@apple.com>

        Reviewed by Darin.

        <rdar://problem/5327189> Logic error in DeprecatedString::to{,U}Int{,64} can lead to reading past end of buffer

        The fix for reading past the end of the buffer is to verify we are not at the end of the string before checking
        for a leading '+' character.  Rather than fixing the logic error in four nearly-identical functions I chose to
        extract the common functionality into the toIntegralType helper function which the four functions call through to.

        * platform/DeprecatedString.cpp:
        (WebCore::isCharacterAllowedInBase):
        (WebCore::toIntegralType):
        (WebCore::DeprecatedString::toInt):
        (WebCore::DeprecatedString::toInt64):
        (WebCore::DeprecatedString::toUInt):
        (WebCore::DeprecatedString::toUInt64):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@24234 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebCore/ChangeLog
WebCore/platform/DeprecatedString.cpp