Title: [166414] trunk/Source/WTF
- Revision: 166414
- Author: [email protected]
- Date: 2014-03-28 10:58:57 -0700 (Fri, 28 Mar 2014)
Log Message
Null pointer crash in String::append(UChar).
https://bugs.webkit.org/show_bug.cgi?id=130900
Patch by [email protected] <[email protected]> on 2014-03-28
Reviewed by Michael Saboff.
* wtf/text/WTFString.cpp:
(WTF::String::append): Check and initialize m_impl member first, to avoid null pointer crash.
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (166413 => 166414)
--- trunk/Source/WTF/ChangeLog 2014-03-28 17:51:51 UTC (rev 166413)
+++ trunk/Source/WTF/ChangeLog 2014-03-28 17:58:57 UTC (rev 166414)
@@ -1,3 +1,13 @@
+2014-03-28 [email protected] <[email protected]>
+
+ Null pointer crash in String::append(UChar).
+ https://bugs.webkit.org/show_bug.cgi?id=130900
+
+ Reviewed by Michael Saboff.
+
+ * wtf/text/WTFString.cpp:
+ (WTF::String::append): Check and initialize m_impl member first, to avoid null pointer crash.
+
2014-03-27 Commit Queue <[email protected]>
Unreviewed, rolling out r166360.
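Review bot: the new ChangeLog entry lists only wtf/text/WTFString.cpp and names no test, and the patch as shown touches nothing but ChangeLog and WTFString.cpp, so the crash can come back unnoticed if the checks in String::append(UChar) are reordered again. Suggest adding a regression test that calls append(UChar) on a String whose m_impl is null, once with a character <= 0xFF and once with one above it, and listing that test in this entry.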
Modified: trunk/Source/WTF/wtf/text/WTFString.cpp (166413 => 166414)
--- trunk/Source/WTF/wtf/text/WTFString.cpp 2014-03-28 17:51:51 UTC (rev 166413)
+++ trunk/Source/WTF/wtf/text/WTFString.cpp 2014-03-28 17:58:57 UTC (rev 166414)
@@ -143,14 +143,14 @@
{
// FIXME: This is extremely inefficient. So much so that we might want to take this out of String's API.
+ if (!m_impl) {
+ m_impl = StringImpl::create(&character, 1);
+ return;
+ }
if (character <= 0xFF && is8Bit()) {
append(static_cast<LChar>(character));
return;
}
- if (!m_impl) {
- m_impl = StringImpl::create(&character, 1);
- return;
- }
if (m_impl->length() >= std::numeric_limits<unsigned>::max())
CRASH();
UChar* data;
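Review bot: the relocated `if (!m_impl)` block at the top of the function has no comment saying that it must run before `character <= 0xFF && is8Bit()`, which is the test the old order reached with a null m_impl whenever the character was <= 0xFF. A one-line comment above the guard would keep a later cleanup from moving it back down. Separately, the 8-bit branch forwards to `append(static_cast<LChar>(character))`; that overload is not part of this diff, so please confirm it handles a null m_impl on its own for callers that invoke it directly rather than through this guard.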