Imported WebKit commit 35255d8c2fd37ba4359e75fe0ebe6aec87687f9c (http://svn.webkit.org/repository/webkit/trunk@126284)

New snapshot that includes MSVC 64-bit build fix

1 files changed, 23 insertions, 16 deletions

diff --git a/Source/WTF/wtf/text/CString.cpp b/Source/WTF/wtf/text/CString.cpp
index 981d77a1d..fe1485532 100644
--- a/Source/WTF/wtf/text/CString.cpp
+++ b/Source/WTF/wtf/text/CString.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2006, 2008, 2009, 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2003, 2006, 2008, 2009, 2010, 2012 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,6 +31,18 @@ using namespace std;
 
 namespace WTF {
 
+PassRefPtr<CStringBuffer> CStringBuffer::createUninitialized(size_t length)
+{
+    if (length > (numeric_limits<size_t>::max() - sizeof(CStringBuffer)))
+        CRASH();
+
+    // CStringBuffer already has space for one character, we do not need to add +1 to the length
+    // to store the terminating zero.
+    size_t size = sizeof(CStringBuffer) + length;
+    CStringBuffer* stringBuffer = static_cast<CStringBuffer*>(fastMalloc(size));
+    return adoptRef(new (NotNull, stringBuffer) CStringBuffer(length));
+}
+
 CString::CString(const char* str)
 {
     if (!str)
@@ -41,21 +53,19 @@ CString::CString(const char* str)
 
 CString::CString(const char* str, size_t length)
 {
+    if (!str) {
+        ASSERT(!length);
+        return;
+    }
+
     init(str, length);
 }
 
 void CString::init(const char* str, size_t length)
 {
-    if (!str)
-        return;
+    ASSERT(str);
 
-    // We need to be sure we can add 1 to length without overflowing.
-    // Since the passed-in length is the length of an actual existing
-    // string, and we know the string doesn't occupy the entire address
-    // space, we can assert here and there's no need for a runtime check.
-    ASSERT(length < numeric_limits<size_t>::max());
-
-    m_buffer = CStringBuffer::create(length + 1);
+    m_buffer = CStringBuffer::createUninitialized(length);
     memcpy(m_buffer->mutableData(), str, length); 
     m_buffer->mutableData()[length] = '\0';
 }
@@ -70,11 +80,8 @@ char* CString::mutableData()
     
 CString CString::newUninitialized(size_t length, char*& characterBuffer)
 {
-    if (length >= numeric_limits<size_t>::max())
-        CRASH();
-
     CString result;
-    result.m_buffer = CStringBuffer::create(length + 1);
+    result.m_buffer = CStringBuffer::createUninitialized(length);
     char* bytes = result.m_buffer->mutableData();
     bytes[length] = '\0';
     characterBuffer = bytes;
@@ -88,8 +95,8 @@ void CString::copyBufferIfNeeded()
 
     RefPtr<CStringBuffer> buffer = m_buffer.release();
     size_t length = buffer->length();
-    m_buffer = CStringBuffer::create(length);
-    memcpy(m_buffer->mutableData(), buffer->data(), length);
+    m_buffer = CStringBuffer::createUninitialized(length);
+    memcpy(m_buffer->mutableData(), buffer->data(), length + 1);
 }
 
 bool operator==(const CString& a, const CString& b)