Index: kjs/function.cpp
===================================================================
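--- a/kjs/function.cpp
+++ b/kjs/function.cpp
@@ -77,7 +77,8 @@ UString encodeURI(ExecState *exec, UStri
 }
 else if (C.uc >= 0xD800 && C.uc <= 0xDBFF) {
 
- if (k == string.size()) {
+ // we need two chars
+ if (k + 1 >= string.size()) {
 Object err = Error::create(exec,URIError);
 exec->setException(err);
 free(encbuf);
@@ -197,6 +198,10 @@ UString decodeURI(ExecState *exec, UStri
 }
 
 k += 2;
+
+ if (decbufLen+2 >= decbufAlloc)
+ decbuf = (UChar*)realloc(decbuf,(decbufAlloc *= 2)*sizeof(UChar));
+
 if ((B & 0x80) == 0) {
 // Single-byte character
 C = B;
@@ -257,6 +262,12 @@ UString decodeURI(ExecState *exec, UStri
 assert(n == 4);
 unsigned long uuuuu = ((octets[0] & 0x07) << 2) | ((octets[1] >> 4) & 0x03);
 unsigned long vvvv = uuuuu-1;
+ if (vvvv > 0x0F) {
+ Object err = Error::create(exec,URIError);
+ exec->setException(err);
+ free(decbuf);
+ return UString();
+ }
 unsigned long wwww = octets[1] & 0x0F;
 unsigned long xx = (octets[2] >> 4) & 0x03;
 unsigned long yyyy = octets[2] & 0x0F;
@@ -270,9 +281,7 @@ UString decodeURI(ExecState *exec, UStri
 }
 
 if (reservedSet.find(C) < 0) {
- if (decbufLen+1 >= decbufAlloc)
- decbuf = (UChar*)realloc(decbuf,(decbufAlloc *= 2)*sizeof(UChar));
- decbuf[decbufLen++] = C;
+ decbuf[decbufLen++] = C;
 }
 else {
 while (decbufLen+k-start >= decbufAlloc)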
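Review bot: The `realloc` added after `k += 2;` in decodeURI (hunk at -197) is assigned straight back to `decbuf` with no null check, so a failed allocation leaks the old buffer and the now-unguarded `decbuf[decbufLen++] = C;` in the last hunk stores through a null pointer. That store relies entirely on this up-front reservation, so the growth step should keep the old pointer until the new one is known to be valid and leave the function on failure, as sketched below; whether an exception should also be set on that path is a project decision I cannot see from here. The added `vvvv > 0x0F` test also rejects `uuuuu == 0`, because `vvvv` is unsigned and `uuuuu-1` wraps, which deserves a one-line comment such as `// also catches uuuuu == 0 (unsigned wrap)`. decodeURI's body continues outside these hunks, and the `while (decbufLen+k-start >= decbufAlloc)` growth loop at the end of the last hunk presumably has the same unchecked pattern and should be confirmed.

```cpp
k += 2;

// Reserve room for up to two UChars before decoding this character.
if (decbufLen+2 >= decbufAlloc) {
    UChar *grown = (UChar*)realloc(decbuf, decbufAlloc * 2 * sizeof(UChar));
    if (!grown) {
        // realloc leaves the old block valid on failure; release it and bail out.
        free(decbuf);
        return UString();
    }
    decbuf = grown;
    decbufAlloc *= 2;
}

// … unchanged: single-byte / multi-byte decoding …
```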