Changeset 236969 in webkit
- Timestamp: Oct 9, 2018 11:15:56 AM
- Location: trunk/Source/WTF
- Files: 2 edited
trunk/Source/WTF/ChangeLog
r236962 r236969 1 2018-10-09 Mark Lam <mark.lam@apple.com> 2 3 StringTypeAdapter constructor is not properly enforcing String::MaxLength. 4 https://bugs.webkit.org/show_bug.cgi?id=190392 5 <rdar://problem/45116210> 6 7 Reviewed by Saam Barati. 8 9 Previously, the StringTypeAdapter constructor for a UChar* string was summing the 10 unsigned length of the source string without an overflow check. We now make that 11 length a size_t which removes this issue, and assert that it's within 12 String::MaxLength thereafter. 13 14 Also made the StringTypeAdapter constructor for a LChar* string behave in an 15 equivalent manner for consistency. In both cases, we'll crash in a RELEASE_ASSERT 16 if the source string length exceeds String::MaxLength. 17 18 * wtf/text/StringConcatenate.h: 19 1 20 2018-10-09 Mark Lam <mark.lam@apple.com> 2 21 -
trunk/Source/WTF/wtf/text/StringConcatenate.h
r236804 r236969 109 109 StringTypeAdapter(const LChar* characters) 110 110 : m_characters(characters) 111 , m_length(strlen(reinterpret_cast<const char*>(characters))) 112 { 111 { 112 size_t length = strlen(reinterpret_cast<const char*>(characters)); 113 RELEASE_ASSERT(length <= String::MaxLength); 114 m_length = static_cast<unsigned>(length); 113 115 } 114 116 … … 139 141 : m_characters(characters) 140 142 { 141 unsignedlength = 0;143 size_t length = 0; 142 144 while (m_characters[length]) 143 145 ++length; 144 145 146 RELEASE_ASSERT(length <= String::MaxLength); 146 m_length = length;147 m_length = static_cast<unsigned>(length); 147 148 } 148 149
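Review bot: The ChangeLog entry lists only wtf/text/StringConcatenate.h and the changeset edits 2 files, so the fix lands without a regression test. If a test is impractical because it would need a source string longer than String::MaxLength, say so in the entry so the omission is visibly deliberate.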
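Review bot: In the LChar* constructor hunk of StringConcatenate.h, the new body repeats the same check-then-narrow sequence that the UChar* constructor uses (`RELEASE_ASSERT(length <= String::MaxLength);` followed by `m_length = static_cast<unsigned>(length);`). Consider a small shared helper that takes a size_t and returns the checked unsigned, so the two constructors cannot drift apart and m_length can stay in the member initializer list.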
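Review bot: In the UChar* constructor hunk, `m_length = static_cast<unsigned>(length);` is only lossless if String::MaxLength fits in an unsigned, and nothing in these lines states that. A static_assert next to the cast, or a comment pointing at where MaxLength is defined, would document the invariant the cast depends on.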