Bug 246260 - StringImpl::copyCharacters incorrectly uses memcpy on destination pointers that may be null
Summary: StringImpl::copyCharacters incorrectly uses memcpy on destination pointers that may be null
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: WebKit Nightly Build
Hardware: Unspecified, OS: Unspecified
Importance: P2 Normal
Assignee: Darin Adler
URL:
Keywords: InRadar
Duplicates: 246267
Depends on:
Blocks:
Reported: 2022-10-09 14:50 PDT by Darin Adler
Modified: 2022-10-16 01:00 PDT
CC List: 2 users

See Also:


Description Darin Adler 2022-10-09 14:50:35 PDT
After studying the call sites of StringImpl::copyCharacters, it is clear that many rely on being able to pass a combination of a null pointer for the destination and a zero length. The documentation of std::memcpy makes it clear that this leads to undefined behavior, so we can’t do this any more.
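The failure mode the report describes, as an added C++ example (not WebKit's code, and not the patch from the linked pull request): a copyCharacters-style helper that forwards a null destination with a zero length straight to std::memcpy, beside a guarded form that returns before calling memcpy when there is nothing to copy. The guarded form is an assumption about the shape of a fix, and the `copyLatin1`/`copyUTF16` wrappers and their inputs are constructed for the example.

```cpp
#include <cstring>
#include <string>

// Added example, not WebKit's code. A copyCharacters-style helper in the
// shape the bug report describes: copy `length` characters from `source`
// to `destination`.

// Before: forwards straight to std::memcpy. std::memcpy requires both
// pointers to be valid even when the byte count is 0, so the
// (nullptr, nullptr, 0) combination the report says call sites rely on is
// undefined behaviour here. Kept only to show the defect; never call it
// with a null pointer.
template<typename CharacterType>
void copyCharactersUnguarded(CharacterType* destination, const CharacterType* source, unsigned length)
{
    std::memcpy(destination, source, length * sizeof(CharacterType));
}

// After (assumed fix shape, not the actual WebKit patch): return before
// touching memcpy when there is nothing to copy, so null pointers with a
// zero length are well defined and non-empty copies behave as before.
template<typename CharacterType>
void copyCharacters(CharacterType* destination, const CharacterType* source, unsigned length)
{
    if (!length)
        return;
    std::memcpy(destination, source, length * sizeof(CharacterType));
}

// Builds a std::string from 8-bit characters through the guarded helper.
// Deliberately passes a null destination for the empty case, mirroring the
// call-site pattern the report describes. (Constructed wrapper.)
std::string copyLatin1(const char* source, unsigned length)
{
    std::string result(length, '\0');
    copyCharacters(length ? &result[0] : nullptr, source, length);
    return result;
}

// Same for 16-bit code units. (Constructed wrapper.)
std::u16string copyUTF16(const char16_t* source, unsigned length)
{
    std::u16string result(length, u'\0');
    copyCharacters(length ? &result[0] : nullptr, source, length);
    return result;
}

int main()
{
    // Constructed sample inputs: non-empty copies plus the null/zero case.
    bool ok = copyLatin1("abc", 3) == "abc"
        && copyLatin1(nullptr, 0).empty()
        && copyUTF16(u"xy", 2) == u"xy"
        && copyUTF16(nullptr, 0).empty();
    return ok ? 0 : 1;
}
```

The zero-length case matters in practice because a compiler is entitled to treat the pointers passed to memcpy as non-null afterwards and may drop later null checks on them. Building with `-fsanitize=undefined` reports a null argument to memcpy on platforms whose libc declares its pointer parameters nonnull (glibc does), which is one way to surface this class of call site.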
Comment 1 Radar WebKit Bug Importer 2022-10-09 22:04:50 PDT
<rdar://problem/100962334>
Comment 2 Darin Adler 2022-10-10 01:59:07 PDT
Pull request: https://github.com/WebKit/WebKit/pull/5184
Comment 3 Philippe Normand 2022-10-10 02:19:34 PDT
*** Bug 246267 has been marked as a duplicate of this bug. ***
Comment 4 EWS 2022-10-16 01:00:00 PDT
Committed 255600@main (71265755b78a): <https://commits.webkit.org/255600@main>

Reviewed commits have been landed. Closing PR #5184 and removing active labels.