SOURCES: kdelibs-kjs.patch (NEW) - sec fix

arekm arekm at pld-linux.org
Sun Jan 15 14:15:56 CET 2006


Author: arekm                        Date: Sun Jan 15 13:15:56 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- sec fix

---- Files affected:
SOURCES:
   kdelibs-kjs.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/kdelibs-kjs.patch
diff -u /dev/null SOURCES/kdelibs-kjs.patch:1.1
--- /dev/null	Sun Jan 15 14:15:56 2006
+++ SOURCES/kdelibs-kjs.patch	Sun Jan 15 14:15:51 2006
@@ -0,0 +1,49 @@
+Index: kjs/function.cpp
+===================================================================
+--- kjs/function.cpp	(revision 495921)
++++ kjs/function.cpp	(working copy)
+@@ -77,7 +77,8 @@ UString encodeURI(ExecState *exec, UStri
+       }
+       else if (C.uc >= 0xD800 && C.uc <= 0xDBFF) {
+ 
+-	if (k == string.size()) {
++        // we need two chars
++	if (k + 1 >= string.size()) {
+ 	  Object err = Error::create(exec,URIError);
+ 	  exec->setException(err);
+ 	  free(encbuf);
+@@ -197,6 +198,10 @@ UString decodeURI(ExecState *exec, UStri
+     }
+ 
+     k += 2;
++
++    if (decbufLen+2 >= decbufAlloc)
++        decbuf = (UChar*)realloc(decbuf,(decbufAlloc *= 2)*sizeof(UChar));
++
+     if ((B & 0x80) == 0) {
+       // Single-byte character
+       C = B;
+@@ -257,6 +262,12 @@ UString decodeURI(ExecState *exec, UStri
+ 	assert(n == 4);
+ 	unsigned long uuuuu = ((octets[0] & 0x07) << 2) | ((octets[1] >> 4) & 0x03);
+ 	unsigned long vvvv = uuuuu-1;
++	if (vvvv > 0x0F) {
++          Object err = Error::create(exec,URIError);
++	  exec->setException(err);
++	  free(decbuf);
++	  return UString();
++	}        
+ 	unsigned long wwww = octets[1] & 0x0F;
+ 	unsigned long xx = (octets[2] >> 4) & 0x03;
+ 	unsigned long yyyy = octets[2] & 0x0F;
+@@ -270,9 +281,7 @@ UString decodeURI(ExecState *exec, UStri
+     }
+ 
+     if (reservedSet.find(C) < 0) {
+-      if (decbufLen+1 >= decbufAlloc)
+-	decbuf = (UChar*)realloc(decbuf,(decbufAlloc *= 2)*sizeof(UChar));
+-      decbuf[decbufLen++] = C;
++        decbuf[decbufLen++] = C;
+     }
+     else {
+       while (decbufLen+k-start >= decbufAlloc)
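Review bot: The relocated growth check in decodeURI (`if (decbufLen+2 >= decbufAlloc)`) assigns the result of realloc() straight back to `decbuf`, so if the allocation fails the old buffer is leaked and the later `decbuf[decbufLen++] = C` writes through a null pointer. Grow through a temporary and commit the pointer and the doubled capacity only on success, as sketched below. How the failure is reported is left as a comment because the project's out-of-memory convention is not visible on this page. The `while (decbufLen+k-start >= decbufAlloc)` loop at the end of the patch presumably reallocates the same way, but its body lies outside the hunk. The declarations of `decbuf` and `decbufAlloc` are also outside the hunk, so check against their types whether the doubling can overflow.

```cpp
    k += 2;

    if (decbufLen+2 >= decbufAlloc) {
        // Grow via a temporary so a failed realloc() cannot clobber decbuf.
        UChar *grown = (UChar*)realloc(decbuf, (decbufAlloc * 2) * sizeof(UChar));
        if (!grown) {
            free(decbuf);
            // … raise the project's out-of-memory error on exec here …
            return UString();
        }
        decbuf = grown;
        decbufAlloc *= 2;
    }
    // … unchanged: single-byte / multi-byte decoding …
```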
================================================================

