Title: [238974] releases/WebKitGTK/webkit-2.22/Source/WTF
Revision: 238974
Author: mcatanz...@igalia.com
Date: 2018-12-07 16:24:50 -0800 (Fri, 07 Dec 2018)

Log Message

Merge r236969 - StringTypeAdapter constructor is not properly enforcing String::MaxLength.
https://bugs.webkit.org/show_bug.cgi?id=190392
<rdar://problem/45116210>

Reviewed by Saam Barati.

Previously, the StringTypeAdapter constructor for a UChar* string was summing the
unsigned length of the source string without an overflow check.  We now make that
length a size_t which removes this issue, and assert that it's within
String::MaxLength thereafter.

Also made the StringTypeAdapter constructor for a LChar* string behave in an
equivalent manner for consistency.  In both cases, we'll crash in a RELEASE_ASSERT
if the source string length exceeds String::MaxLength.

* wtf/text/StringConcatenate.h:

Diff

Modified: releases/WebKitGTK/webkit-2.22/Source/WTF/ChangeLog (238973 => 238974)


--- releases/WebKitGTK/webkit-2.22/Source/WTF/ChangeLog	2018-12-08 00:24:32 UTC (rev 238973)
+++ releases/WebKitGTK/webkit-2.22/Source/WTF/ChangeLog	2018-12-08 00:24:50 UTC (rev 238974)
@@ -1,3 +1,22 @@
+2018-10-09  Mark Lam  <mark....@apple.com>
+
+        StringTypeAdapter constructor is not properly enforcing String::MaxLength.
+        https://bugs.webkit.org/show_bug.cgi?id=190392
+        <rdar://problem/45116210>
+
+        Reviewed by Saam Barati.
+
+        Previously, the StringTypeAdapter constructor for a UChar* string was summing the
+        unsigned length of the source string without an overflow check.  We now make that
+        length a size_t which removes this issue, and assert that it's within
+        String::MaxLength thereafter.
+
+        Also made the StringTypeAdapter constructor for a LChar* string behave in an
+        equivalent manner for consistency.  In both cases, we'll crash in a RELEASE_ASSERT
+        if the source string length exceeds String::MaxLength.
+
+        * wtf/text/StringConcatenate.h:
+
 2018-10-03  Mark Lam  <mark....@apple.com>
 
         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
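Review bot: The ChangeLog paragraph on the UChar* constructor says the old code had no overflow check, but it does not say why the RELEASE_ASSERT that was already in that constructor failed to catch the problem: with an unsigned counter the wrap happens before the assert runs, so the assert only ever sees the wrapped value. One sentence stating that would make the entry self-explanatory. "Summing" would also read better as "counting", since the loop in StringConcatenate.h increments a counter.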

Modified: releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/text/StringConcatenate.h (238973 => 238974)


--- releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/text/StringConcatenate.h	2018-12-08 00:24:32 UTC (rev 238973)
+++ releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/text/StringConcatenate.h	2018-12-08 00:24:50 UTC (rev 238974)
@@ -108,8 +108,10 @@
 public:
     StringTypeAdapter(const LChar* characters)
         : m_characters(characters)
-        , m_length(strlen(reinterpret_cast<const char*>(characters)))
     {
+        size_t length = strlen(reinterpret_cast<const char*>(characters));
+        RELEASE_ASSERT(length <= String::MaxLength);
+        m_length = static_cast<unsigned>(length);
     }
 
     unsigned length() const { return m_length; }
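Review bot: In the LChar* constructor, `m_length = static_cast<unsigned>(length);` is lossless only because the preceding RELEASE_ASSERT bounds length by String::MaxLength, which in turn only works while String::MaxLength itself fits in unsigned (the ChangeLog context above gives it as INT_MAX). A `static_assert(String::MaxLength <= std::numeric_limits<unsigned>::max())` beside the cast would keep that dependency from breaking silently if MaxLength is ever changed. Separately, m_length has moved out of the member-initializer list, so it is unset until the constructor body runs unless it has a default initializer, which these lines do not show.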
@@ -138,12 +140,11 @@
     StringTypeAdapter(const UChar* characters)
         : m_characters(characters)
     {
-        unsigned length = 0;
+        size_t length = 0;
         while (m_characters[length])
             ++length;
-
         RELEASE_ASSERT(length <= String::MaxLength);
-        m_length = length;
+        m_length = static_cast<unsigned>(length);
     }
 
     unsigned length() const { return m_length; }
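Review bot: In the UChar* constructor the RELEASE_ASSERT still runs only after the `while (m_characters[length])` loop has walked the whole string, so the fix rests entirely on size_t being wide enough that the counter cannot wrap during the count. Nothing in the code says that is why size_t is used, and a one-line comment above `size_t length = 0;` would stop a later cleanup from narrowing it back to unsigned. The count, assert, cast sequence is now the same as in the LChar* constructor above, so a small shared helper that takes the size_t length and returns the checked unsigned would remove the duplication.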