Skip to site navigation (Press enter)

[webkit-changes] [278207] trunk/Source/WebCore

bfulgham Fri, 28 May 2021 10:24:46 -0700

Title: [278207] trunk/Source/WebCore

Revision: 278207
Author: bfulg...@apple.com
Date: 2021-05-28 10:23:44 -0700 (Fri, 28 May 2021)

Log Message

Buffer computations should use correct type
https://bugs.webkit.org/show_bug.cgi?id=226352
<rdar://problem/78116213>


Reviewed by Ryosuke Niwa.

The implementation of utf8Buffer holds the buffer size in an 'int', even though our buffer
APIs take size_t arguments. Let's make this consistent.

* platform/SharedBuffer.cpp:
(WebCore::utf8Buffer):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/platform/SharedBuffer.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (278206 => 278207)


--- trunk/Source/WebCore/ChangeLog	2021-05-28 16:58:38 UTC (rev 278206)
+++ trunk/Source/WebCore/ChangeLog	2021-05-28 17:23:44 UTC (rev 278207)
@@ -1,3 +1,17 @@
+2021-05-28  Brent Fulgham  <bfulg...@apple.com>
+
+        Buffer computations should use correct type
+        https://bugs.webkit.org/show_bug.cgi?id=226352
+        <rdar://problem/78116213>
+
+        Reviewed by Ryosuke Niwa.
+
+        The implementation of utf8Buffer holds the buffer size in an 'int', even though our buffer
+        APIs take size_t arguments. Let's make this consistent.
+
+        * platform/SharedBuffer.cpp:
+        (WebCore::utf8Buffer):
+
 2021-05-28  Eric Carlson  <eric.carl...@apple.com>
 
         [Cocoa] Return immediately when asked to paint an AVPlayer that hasn't reached HaveCurrentData

Modified: trunk/Source/WebCore/platform/SharedBuffer.cpp (278206 => 278207)


--- trunk/Source/WebCore/platform/SharedBuffer.cpp	2021-05-28 16:58:38 UTC (rev 278206)
+++ trunk/Source/WebCore/platform/SharedBuffer.cpp	2021-05-28 17:23:44 UTC (rev 278207)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2021 Apple Inc. All rights reserved.
  * Copyright (C) Research In Motion Limited 2009-2010. All rights reserved.
  * Copyright (C) 2015 Canon Inc. All rights reserved.
  *
@@ -361,7 +361,12 @@
 RefPtr<SharedBuffer> utf8Buffer(const String& string)
 {
     // Allocate a buffer big enough to hold all the characters.
-    const int length = string.length();
+    const size_t length = string.length();
+    if constexpr (String::MaxLength > std::numeric_limits<size_t>::max() / 3) {
+        if (length > std::numeric_limits<size_t>::max() / 3)
+            return nullptr;
+    }
+
     Vector<char> buffer(length * 3);
 
     // Convert to runs of 8-bit characters.

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes