Bug 1275867 - Null-terminate the buffer passed from ParseFloatLiteral to js_strtod_harder. r?bbouvier draft
authorMike Hommey <mh+mozilla@glandium.org>
Thu, 26 May 2016 21:25:16 +0900
changeset 371346 2179ef202dc02fcf54bc6f8272177aea309b1ad5
parent 371345 27108dad917e666a72ba384ac2311217158aa0c2
child 521973 b81365cb7bbb6d8e2a029cde2d4ec7b4854d6cf1
push id19305
push userbmo:mh+mozilla@glandium.org
push dateThu, 26 May 2016 12:36:52 +0000
reviewersbbouvier
bugs1275867
milestone49.0a1
Bug 1275867 - Null-terminate the buffer passed from ParseFloatLiteral to js_strtod_harder. r?bbouvier The buffer was also overallocated in the case of negative numbers (it was sized from `begin` rather than `cur`), so that is fixed at the same time.
js/src/asmjs/WasmTextToBinary.cpp
--- a/js/src/asmjs/WasmTextToBinary.cpp
+++ b/js/src/asmjs/WasmTextToBinary.cpp
@@ -1725,21 +1725,22 @@ ParseFloatLiteral(WasmParseContext& c, W
             c.ts.generateError(token, c.error);
             return false;
         }
         break;
       case WasmToken::DecNumber: {
         // Call into JS' strtod. Tokenization has already required that the
         // string is well-behaved.
         LifoAlloc::Mark mark = c.lifo.mark();
-        char* buffer = c.lifo.newArray<char>(end - begin + 1);
+        char* buffer = c.lifo.newArray<char>(end - cur + 1);
         if (!buffer)
             return false;
         for (ptrdiff_t i = 0; i < end - cur; ++i)
             buffer[i] = char(cur[i]);
+        buffer[end - cur] = '\0';
         char* strtod_end;
         int err;
         Float d = (Float)js_strtod_harder(c.dtoaState, buffer, &strtod_end, &err);
         if (err != 0 || strtod_end == buffer) {
             c.lifo.release(mark);
             c.ts.generateError(token, c.error);
             return false;
         }
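Review bot: The error check at `if (err != 0 || strtod_end == buffer)` still accepts a partial parse: js_strtod_harder stops at the first character it cannot consume, and now that the buffer is null-terminated a completeness test is cheap, `if (err != 0 || strtod_end == buffer || strtod_end != buffer + (end - cur))`. The comment on the preceding lines says tokenization already guarantees the string is well-behaved, so this is a defense-in-depth check on that invariant rather than a fix for a known failure, and it ties the copy loop, the terminator write and the check to the same `end - cur` length. The DecNumber case continues past the hunk, so whether `mark` is released on the success path cannot be confirmed from here.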