Title: [237316] branches/safari-606-branch/Source/WTF
- Revision: 237316
- Author: [email protected]
- Date: 2018-10-22 00:19:28 -0700 (Mon, 22 Oct 2018)
Log Message
Cherry-pick r236969. rdar://problem/45285687
StringTypeAdapter constructor is not properly enforcing String::MaxLength.
https://bugs.webkit.org/show_bug.cgi?id=190392
<rdar://problem/45116210>
Reviewed by Saam Barati.
Previously, the StringTypeAdapter constructor for a UChar* string was summing the
unsigned length of the source string without an overflow check. We now make that
length a size_t which removes this issue, and assert that it's within
String::MaxLength thereafter.
Also made the StringTypeAdapter constructor for a LChar* string behave in an
equivalent manner for consistency. In both cases, we'll crash in a RELEASE_ASSERT
if the source string length exceeds String::MaxLength.
* wtf/text/StringConcatenate.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236969 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-606-branch/Source/WTF/ChangeLog (237315 => 237316)
--- branches/safari-606-branch/Source/WTF/ChangeLog 2018-10-22 07:19:26 UTC (rev 237315)
+++ branches/safari-606-branch/Source/WTF/ChangeLog 2018-10-22 07:19:28 UTC (rev 237316)
@@ -1,5 +1,48 @@
2018-10-21 Babak Shafiei <[email protected]>
+ Cherry-pick r236969. rdar://problem/45285687
+
+ StringTypeAdapter constructor is not properly enforcing String::MaxLength.
+ https://bugs.webkit.org/show_bug.cgi?id=190392
+ <rdar://problem/45116210>
+
+ Reviewed by Saam Barati.
+
+ Previously, the StringTypeAdapter constructor for a UChar* string was summing the
+ unsigned length of the source string without an overflow check. We now make that
+ length a size_t which removes this issue, and assert that it's within
+ String::MaxLength thereafter.
+
+ Also made the StringTypeAdapter constructor for a LChar* string behave in an
+ equivalent manner for consistency. In both cases, we'll crash in a RELEASE_ASSERT
+ if the source string length exceeds String::MaxLength.
+
+ * wtf/text/StringConcatenate.h:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236969 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-10-09 Mark Lam <[email protected]>
+
+ StringTypeAdapter constructor is not properly enforcing String::MaxLength.
+ https://bugs.webkit.org/show_bug.cgi?id=190392
+ <rdar://problem/45116210>
+
+ Reviewed by Saam Barati.
+
+ Previously, the StringTypeAdapter constructor for a UChar* string was summing the
+ unsigned length of the source string without an overflow check. We now make that
+ length a size_t which removes this issue, and assert that it's within
+ String::MaxLength thereafter.
+
+ Also made the StringTypeAdapter constructor for a LChar* string behave in an
+ equivalent manner for consistency. In both cases, we'll crash in a RELEASE_ASSERT
+ if the source string length exceeds String::MaxLength.
+
+ * wtf/text/StringConcatenate.h:
+
+2018-10-21 Babak Shafiei <[email protected]>
+
Cherry-pick r236804. rdar://problem/45285687
Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
Modified: branches/safari-606-branch/Source/WTF/wtf/text/StringConcatenate.h (237315 => 237316)
--- branches/safari-606-branch/Source/WTF/wtf/text/StringConcatenate.h 2018-10-22 07:19:26 UTC (rev 237315)
+++ branches/safari-606-branch/Source/WTF/wtf/text/StringConcatenate.h 2018-10-22 07:19:28 UTC (rev 237316)
@@ -108,8 +108,10 @@
public:
StringTypeAdapter(const LChar* characters)
: m_characters(characters)
- , m_length(strlen(reinterpret_cast<const char*>(characters)))
{
+ size_t length = strlen(reinterpret_cast<const char*>(characters));
+ RELEASE_ASSERT(length <= String::MaxLength);
+ m_length = static_cast<unsigned>(length);
}
unsigned length() const { return m_length; }
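Review bot: the `size_t length` local added to the LChar* constructor has no comment explaining that the RELEASE_ASSERT must see strlen's full-width result before the `static_cast<unsigned>`. The removed initializer `m_length(strlen(...))` narrowed silently, and without a comment a later cleanup could fold these three lines back into that form. Suggest a one-line comment above the assert. Since the UChar* constructor now ends with the same assert-then-cast pair, a small shared helper would also keep the two from drifting apart.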
@@ -138,12 +140,11 @@
StringTypeAdapter(const UChar* characters)
: m_characters(characters)
{
- unsigned length = 0;
+ size_t length = 0;
while (m_characters[length])
++length;
-
RELEASE_ASSERT(length <= String::MaxLength);
- m_length = length;
+ m_length = static_cast<unsigned>(length);
}
unsigned length() const { return m_length; }
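Review bot: in the UChar* constructor, changing the counter to `size_t length` removes wraparound only where size_t is wider than unsigned. The loop `while (m_characters[length]) ++length;` is still unbounded, and the RELEASE_ASSERT runs only after the terminator has been found. Suggest either a static_assert or comment documenting the width assumption, or checking `length <= String::MaxLength` inside the loop, so the bound holds regardless of type width and an over-long input crashes as soon as the limit is passed rather than after a full scan.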