Diffstat (limited to 'js/src/vm/CharacterEncoding.cpp')
-rw-r--r--js/src/vm/CharacterEncoding.cpp13
1 files changed, 8 insertions, 5 deletions
diff --git a/js/src/vm/CharacterEncoding.cpp b/js/src/vm/CharacterEncoding.cpp
index 79d28ab719..3d05275e2d 100644
--- a/js/src/vm/CharacterEncoding.cpp
+++ b/js/src/vm/CharacterEncoding.cpp
@@ -286,11 +286,6 @@ static bool InflateUTF8ToUTF16(JSContext* cx, const UTF8Chars& src,
break;
}
} else {
- // Non-ASCII code unit. Determine its length in bytes (n).
- uint32_t n = 1;
- while (v & (0x80 >> n)) {
- n++;
- }
#define INVALID(report, arg, n2) \
do { \
@@ -315,6 +310,14 @@ static bool InflateUTF8ToUTF16(JSContext* cx, const UTF8Chars& src,
} \
} while (0)
+ // Non-ASCII code unit. Determine its length in bytes (n).
+ //
+ // Avoid undefined behavior from passing in 0
+ // (https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html#index-_005f_005fbuiltin_005fclz)
+ // by turning on the low bit so that 0xff will set n=31-24=7, which will
+ // be detected as an invalid character.
+ uint32_t n = mozilla::CountLeadingZeroes32(~int8_t(src[i]) | 0x1) - 24;
+
// Check the leading byte.
if (n < 2 || n > 4) {
INVALID(ReportInvalidCharacter, i, 1);
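Review bot: The added `uint32_t n = mozilla::CountLeadingZeroes32(~int8_t(src[i]) | 0x1) - 24;` only yields the sequence length because `int8_t(src[i])` sign-extends under integer promotion, so that `~` leaves the upper 24 bits clear. The comment above it explains the `| 0x1` but not that dependency, and converting a byte of 0x80 or above to `int8_t` is implementation-defined before C++20. An unsigned form avoids relying on it: `uint32_t n = mozilla::CountLeadingZeroes32(uint8_t(~src[i]) | 0x1) - 24;` (this assumes `src[i]` yields an integral byte; its type is not visible in the hunk). Because `n` decides how many continuation bytes the decoder goes on to consume, I would also extend the comment with `// 0x80-0xBF give n=1 and 0xF8-0xFF give n>=5; both are rejected by the n < 2 || n > 4 check below.` The enclosing function starts and ends outside the hunk.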