Diffstat (limited to 'js/src/vm/CharacterEncoding.cpp')
-rw-r--r-- | js/src/vm/CharacterEncoding.cpp | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/js/src/vm/CharacterEncoding.cpp b/js/src/vm/CharacterEncoding.cpp
index 79d28ab719..3d05275e2d 100644
--- a/js/src/vm/CharacterEncoding.cpp
+++ b/js/src/vm/CharacterEncoding.cpp
@@ -286,11 +286,6 @@ static bool InflateUTF8ToUTF16(JSContext* cx, const UTF8Chars& src,
 break;
 }
 } else {
- // Non-ASCII code unit. Determine its length in bytes (n).
- uint32_t n = 1;
- while (v & (0x80 >> n)) {
- n++;
- }
 #define INVALID(report, arg, n2) \
 do { \
@@ -315,6 +310,14 @@ static bool InflateUTF8ToUTF16(JSContext* cx, const UTF8Chars& src,
 } \
 } while (0)
+ // Non-ASCII code unit. Determine its length in bytes (n).
+ //
+ // Avoid undefined behavior from passing in 0
+ // (https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html#index-_005f_005fbuiltin_005fclz)
+ // by turning on the low bit so that 0xff will set n=31-24=7, which will
+ // be detected as an invalid character.
+ uint32_t n = mozilla::CountLeadingZeroes32(~int8_t(src[i]) | 0x1) - 24;
+
 // Check the leading byte.
 if (n < 2 || n > 4) {
 INVALID(ReportInvalidCharacter, i, 1);
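Review bot: The new `n` computation in the second hunk narrows `src[i]` to `int8_t` before complementing; every byte reaching this branch is >= 0x80, so that conversion is out of range for `int8_t` and only implementation-defined before C++20, and the `| 0x1` trick is correct only because the complement of a negative `int8_t` happens to land in the low byte. Complementing in the promoted type and narrowing afterwards yields the same `n` for every byte value (255 - byte, so 0xff still gives 7 and 0x80 gives 1) without relying on signed narrowing: `uint32_t n = mozilla::CountLeadingZeroes32(uint8_t(~src[i]) | 0x1) - 24;`. Whichever form is kept, the comment should state the invariant the arithmetic rests on, e.g. `// src[i] has its high bit set here, so the complement fits in one byte and n lands in [1, 7]`. The removed loop derived the length from `v` while the new line reads `src[i]`; this presumes `v == src[i]` at this point, which cannot be confirmed from the hunk since InflateUTF8ToUTF16 begins and continues outside it. The existing `if (n < 2 || n > 4)` check still rejects n == 1 and n == 7, so lead-byte validation of untrusted input is unchanged either way.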