246260 – StringImpl::copyCharacters incorrectly uses memcpy on destination pointers that may be null

RESOLVED FIXED246260

StringImpl::copyCharacters incorrectly uses memcpy on destination pointers that may be null

https://bugs.webkit.org/show_bug.cgi?id=246260

Summary StringImpl::copyCharacters incorrectly uses memcpy on destination pointers th...

Darin Adler

Reported 2022-10-09 14:50:35 PDT

After studying the call sites of StringImpl::copyCharacters, it is clear that many rely on being able to pass a combination of a null pointer for the destination and a zero length. The documentation of std::memcpy makes it clear that this leads to undefined behavior, so we can’t do this any more.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2022-10-09 22:04:50 PDT

<rdar://problem/100962334>

Darin Adler

Comment 2 2022-10-10 01:59:07 PDT

Pull request: https://github.com/WebKit/WebKit/pull/5184

Philippe Normand

Comment 3 2022-10-10 02:19:34 PDT

*** Bug 246267 has been marked as a duplicate of this bug. ***

EWS

Comment 4 2022-10-16 01:00:00 PDT

Committed 255600@main (71265755b78a): <https://commits.webkit.org/255600@main> Reviewed commits have been landed. Closing PR #5184 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Web Template Framework

Assignee

Darin Adler

Reported

2022-10-09 14:50 PDT

Modified

2022-10-16 01:00 PDT History

CC List

2 users Show

URL

Keywords InRadar

Duplicates (1)

246267 View as bug list

Depends on

Blocks