wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 622060 - Fix off-by-one error in num_toLocaleString (r=bz)

Browse Source
This commit is contained in:
Bill McCloskey 2010-12-31 11:30:24 -08:00
parent 157546a69c
commit 0daeeceb53
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
js/src/jsnum.cpp
View File

@ -769,9 +769,9 @@ num_toLocaleString(JSContext *cx, uintN argc, Value *vp)
decimalLength = strlen(rt->decimalSeparator);
/* Figure out how long resulting string will be. */
buflen = digits + (*nint ? strlen(nint + 1) : 0);
buflen = strlen(num);
if (*nint == '.')
buflen += decimalLength;
buflen += decimalLength - 1; /* -1 to account for existing '.' */
numGrouping = tmpGroup = rt->numGrouping;
remainder = digits;
@ -801,11 +801,15 @@ num_toLocaleString(JSContext *cx, uintN argc, Value *vp)
tmpDest = buf;
tmpSrc = num;
while (*tmpSrc == '-' || remainder--)
while (*tmpSrc == '-' || remainder--) {
JS_ASSERT(tmpDest - buf < buflen);
*tmpDest++ = *tmpSrc++;
}
while (tmpSrc < end) {
JS_ASSERT(tmpDest - buf + ptrdiff_t(thousandsLength) <= buflen);
strcpy(tmpDest, rt->thousandsSeparator);
tmpDest += thousandsLength;
JS_ASSERT(tmpDest - buf + *tmpGroup <= buflen);
memcpy(tmpDest, tmpSrc, *tmpGroup);
tmpDest += *tmpGroup;
tmpSrc += *tmpGroup;
@ -814,10 +818,13 @@ num_toLocaleString(JSContext *cx, uintN argc, Value *vp)
}
if (*nint == '.') {
JS_ASSERT(tmpDest - buf + ptrdiff_t(decimalLength) <= buflen);
strcpy(tmpDest, rt->decimalSeparator);
tmpDest += decimalLength;
JS_ASSERT(tmpDest - buf + ptrdiff_t(strlen(nint + 1)) <= buflen);
strcpy(tmpDest, nint + 1);
} else {
JS_ASSERT(tmpDest - buf + ptrdiff_t(strlen(nint)) <= buflen);
strcpy(tmpDest, nint);
}