Bug 246260

Summary: StringImpl::copyCharacters incorrectly uses memcpy on destination pointers that may be null
Product: WebKit
Reporter: Darin Adler <darin>
Component: Web Template Framework
Assignee: Darin Adler <darin>
Status: RESOLVED FIXED
Severity: Normal
CC: philn, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Darin Adler
Reported 2022-10-09 14:50:35 PDT
After studying the call sites of StringImpl::copyCharacters, it is clear that many rely on being able to pass a combination of a null pointer for the destination and a zero length. The documentation of std::memcpy makes it clear that this leads to undefined behavior, so we can’t do this any more.
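As an added illustration of the defect described above (this is not the WebKit patch and not code from the bug), a copyCharacters-style helper in its unguarded form beside a version that skips memcpy when the length is zero; the function names and the zero-length guard are assumptions, not the fix that actually landed.

```cpp
#include <cassert>
#include <cstddef>
#include <cstring>
#include <string>

// Unguarded form, mirroring the shape of StringImpl::copyCharacters: memcpy with a
// null destination (or source) is undefined behavior even when length is 0, so a
// call such as copyCharactersUnguarded<char>(nullptr, nullptr, 0) is not allowed.
// Left here only for comparison; nothing below calls it.
template<typename CharacterType>
static void copyCharactersUnguarded(CharacterType* destination, const CharacterType* source, size_t length)
{
    std::memcpy(destination, source, length * sizeof(CharacterType));
}

// Guarded form (assumed remedy): return before touching memcpy when there is nothing
// to copy, so callers that pass a null pointer together with a zero length stay
// within defined behavior.
template<typename CharacterType>
static void copyCharactersGuarded(CharacterType* destination, const CharacterType* source, size_t length)
{
    if (!length)
        return;
    assert(destination && source);
    std::memcpy(destination, source, length * sizeof(CharacterType));
}

// Copies a std::string through the guarded helper into a fixed buffer and returns
// the copied characters, so the normal (non-empty) path can be checked.
std::string copyViaGuarded(const std::string& input)
{
    char buffer[64] = {};
    assert(input.size() < sizeof(buffer));
    copyCharactersGuarded(buffer, input.data(), input.size());
    return std::string(buffer, input.size());
}

// Exercises the (nullptr, 0) combination the call sites rely on, for both 8-bit and
// 16-bit character types; returns true once both calls have returned.
bool guardedHandlesNullZeroLength()
{
    char* destination8 = nullptr;
    const char* source8 = nullptr;
    copyCharactersGuarded(destination8, source8, 0);
    copyCharactersGuarded<char16_t>(nullptr, nullptr, 0);
    return true;
}
```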
Radar WebKit Bug Importer
Comment 1 2022-10-09 22:04:50 PDT
Darin Adler
Comment 2 2022-10-10 01:59:07 PDT
Philippe Normand
Comment 3 2022-10-10 02:19:34 PDT
*** Bug 246267 has been marked as a duplicate of this bug. ***
EWS
Comment 4 2022-10-16 01:00:00 PDT
Committed 255600@main (71265755b78a): <https://commits.webkit.org/255600@main> Reviewed commits have been landed. Closing PR #5184 and removing active labels.