118917 2013-07-19 11:58:01 -0700 [Windows] A few uses of String::charactersWithNullTermination() cause code to hold onto addresses of temporaries 2013-07-19 14:39:17 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC Windows 7 RESOLVED FIXED InRadar P1 Major --- 1 bfulgham bfulgham andersca ap bfulgham webkit-bug-importer oldest_to_newest 910275 0 bfulgham 2013-07-19 11:58:01 -0700 The recent code cleanup that created the String::charactersWithNullTermination() method accidentally stored the address of the temporary Vector buffer in various Windows API locations where it expects the memory to be retained by an external party. This causes Windows to attempt to use potentially reclaimed memory, resulting in weird menu items and other problems. This patch fixes the handful of places where this is an issue. 910277 1 webkit-bug-importer 2013-07-19 11:58:53 -0700 <rdar://problem/14495809> 910319 2 207144 bfulgham 2013-07-19 14:24:02 -0700 Created attachment 207144 Patch 910324 3 bfulgham 2013-07-19 14:39:17 -0700 Committed r152927: <http://trac.webkit.org/changeset/152927> 207144 2013-07-19 14:24:02 -0700 2013-07-19 14:25:02 -0700 Patch bug-118917-20130719142349.patch text/plain 3903 bfulgham SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE1MjkyNikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIxIEBACisyMDEzLTA3LTE5ICBCcmVudCBG dWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29tPgorCisgICAgICAgIFtXaW5kb3dzXSBBdm9pZCBw YXNzaW5nIGFkZHJlc3NlcyBvZiB0ZW1wb3JhcmllcyB0byBXaW5kb3dzIEFQSS4KKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTExODkxNworCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoZSB0ZW1wb3JhcnkgVmVj dG9yIHJldHVybmVkIGJ5IFN0cmluZzo6Y2hhcmFjdGVyc1dpdGhOdWxsVGVybWluYXRpb24KKyAg ICAgICAgd2FzIGdvaW5nIG91dCBvZiBzY29wZSBiZWZvcmUgaXRzIGZpcnN0IHVzZSwgY2F1c2lu ZyBXaW5kb3dzIEFQSSB0bworICAgICAgICByZWNlaXZlIGdhcmJhZ2UgbWVtb3J5LgorCisgICAg ICAgICogcGxhdGZvcm0vd2luL0NvbnRleHRNZW51V2luLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6 OkNvbnRleHRNZW51OjpjcmVhdGVQbGF0Zm9ybUNvbnRleHRNZW51RnJvbUl0ZW1zKToKKyAgICAg ICAgKiBwbGF0Zm9ybS93aW4vUGFzdGVib2FyZFdpbi5jcHA6CisgICAgICAgIChXZWJDb3JlOjpj cmVhdGVHbG9iYWxIRHJvcENvbnRlbnQpOgorICAgICAgICAqIHBsYXRmb3JtL3dpbi9TU0xLZXlH ZW5lcmF0b3JXaW4uY3BwOgorICAgICAgICAoV2ViQ29yZTo6V2ViQ29yZTo6c2lnbmVkUHVibGlj S2V5QW5kQ2hhbGxlbmdlU3RyaW5nKToKKwogMjAxMy0wNy0xOSAgWm9sdGFuIEhvcnZhdGggIDx6 b2x0YW5Ad2Via2l0Lm9yZz4KIAogICAgICAgICBbQ1NTIFNoYXBlc10gUmVtb3ZlIGxpbmVXaXRo aW5TaGFwZUJvdW5kcygpIGZyb20gU2hhcGVJbmZvIHNpbmNlIGl0J3Mgbm8gbG9uZ2VyIHVzZWQK SW5kZXg6IFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL3dpbi9Db250ZXh0TWVudVdpbi5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vd2luL0NvbnRleHRNZW51V2luLmNw cAkocmV2aXNpb24gMTUyOTAyKQorKysgU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vd2luL0NvbnRl eHRNZW51V2luLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMTE5LDExICsxMTksMTQgQEAgSE1FTlUg Q29udGV4dE1lbnU6OmNyZWF0ZVBsYXRmb3JtQ29udGV4dAogI2Vsc2UKICAgICAgICAgLy8gQ29u dGV4dE1lbnVJdGVtOjpwbGF0Zm9ybUNvbnRleHRNZW51SXRlbSBkb2Vzbid0IHNldCB0aGUgdGl0 bGUgb2YgdGhlIE1FTlVJVEVNSU5GTyB0byBtYWtlIHRoZQogICAgICAgICAvLyBsaWZldGltZSBo YW5kbGluZyBlYXNpZXIgZm9yIGNhbGxlcnMuCi0gICAgICAgIFN0cmluZyBpdGVtVGl0bGUgPSBp dGVtLnRpdGxlKCk7CisgICAgICAgIFZlY3RvcjxVQ2hhcj4gd2lkZUNoYXJUaXRsZTsgLy8gUmV0 YWluIGJ1ZmZlciBmb3IgbG9uZyBlbm91Z2ggdG8gbWFrZSB0aGUgSW5zZXJ0TWVudUl0ZW0gY2Fs bAorCisgICAgICAgIGNvbnN0IFN0cmluZyYgaXRlbVRpdGxlID0gaXRlbS50aXRsZSgpOwogICAg ICAgICBpZiAoaXRlbS50eXBlKCkgIT0gU2VwYXJhdG9yVHlwZSkgewogICAgICAgICAgICAgbWVu dUl0ZW0uZk1hc2sgfD0gTUlJTV9TVFJJTkc7CiAgICAgICAgICAgICBtZW51SXRlbS5jY2ggPSBp dGVtVGl0bGUubGVuZ3RoKCk7Ci0gICAgICAgICAgICBtZW51SXRlbS5kd1R5cGVEYXRhID0gY29u c3RfY2FzdDxMUFdTVFI+KGl0ZW1UaXRsZS5jaGFyYWN0ZXJzV2l0aE51bGxUZXJtaW5hdGlvbigp LmRhdGEoKSk7CisgICAgICAgICAgICB3aWRlQ2hhclRpdGxlID0gaXRlbVRpdGxlLmNoYXJhY3Rl cnNXaXRoTnVsbFRlcm1pbmF0aW9uKCk7CisgICAgICAgICAgICBtZW51SXRlbS5kd1R5cGVEYXRh ID0gY29uc3RfY2FzdDxMUFdTVFI+KHdpZGVDaGFyVGl0bGUuZGF0YSgpKTsKICAgICAgICAgfQog CiAgICAgICAgIDo6SW5zZXJ0TWVudUl0ZW0obWVudSwgaSwgVFJVRSwgJm1lbnVJdGVtKTsKSW5k ZXg6IFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL3dpbi9QYXN0ZWJvYXJkV2luLmNwcAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS93aW4vUGFzdGVib2FyZFdpbi5jcHAJKHJl dmlzaW9uIDE1MjkwMikKKysrIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL3dpbi9QYXN0ZWJvYXJk V2luLmNwcAkod29ya2luZyBjb3B5KQpAQCAtOTYzLDcgKzk2Myw4IEBAIHN0YXRpYyBIR0xPQkFM IGNyZWF0ZUdsb2JhbEhEcm9wQ29udGVudCgKICAgICAgICAgLy8gd2luZG93cyBkb2VzIG5vdCBl bmpveSBhIGxlYWRpbmcgc2xhc2ggb24gcGF0aHMKICAgICAgICAgaWYgKGxvY2FsUGF0aFswXSA9 PSAnLycpCiAgICAgICAgICAgICBsb2NhbFBhdGggPSBsb2NhbFBhdGguc3Vic3RyaW5nKDEpOwot ICAgICAgICBMUENXU1RSIGxvY2FsUGF0aFN0ciA9IGxvY2FsUGF0aC5jaGFyYWN0ZXJzV2l0aE51 bGxUZXJtaW5hdGlvbigpLmRhdGEoKTsKKyAgICAgICAgY29uc3QgVmVjdG9yPFVDaGFyPiYgbG9j YWxQYXRoV2lkZSA9IGxvY2FsUGF0aC5jaGFyYWN0ZXJzV2l0aE51bGxUZXJtaW5hdGlvbigpOwor ICAgICAgICBMUENXU1RSIGxvY2FsUGF0aFN0ciA9IGxvY2FsUGF0aFdpZGUuZGF0YSgpOwogICAg ICAgICBpZiAod2NzbGVuKGxvY2FsUGF0aFN0cikgKyAxIDwgTUFYX1BBVEgpCiAgICAgICAgICAg ICB3Y3NjcHlfcyhmaWxlUGF0aCwgTUFYX1BBVEgsIGxvY2FsUGF0aFN0cik7CiAgICAgICAgIGVs c2UKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL3dpbi9TU0xLZXlHZW5lcmF0b3JXaW4u Y3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL3dpbi9TU0xLZXlHZW5l cmF0b3JXaW4uY3BwCShyZXZpc2lvbiAxNTI5MDIpCisrKyBTb3VyY2UvV2ViQ29yZS9wbGF0Zm9y bS93aW4vU1NMS2V5R2VuZXJhdG9yV2luLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNjgsNyArNjgs OCBAQCBTdHJpbmcgV2ViQ29yZTo6c2lnbmVkUHVibGljS2V5QW5kQ2hhbGxlCiAgICAgICAgIFN0 cmluZyBsb2NhbENoYWxsZW5nZSA9IGNoYWxsZW5nZTsKIAogICAgICAgICAvLyBXaW5kb3dzIEFQ SSB3b24ndCB3cml0ZSB0byBvdXIgYnVmZmVyLCBhbHRob3VnaCBpdCdzIG5vdCBkZWNsYXJlZCB3 aXRoIGNvbnN0LgotICAgICAgICByZXF1ZXN0SW5mby5wd3N6Q2hhbGxlbmdlU3RyaW5nID0gY29u c3RfY2FzdDx3Y2hhcl90Kj4obG9jYWxDaGFsbGVuZ2UuY2hhcmFjdGVyc1dpdGhOdWxsVGVybWlu YXRpb24oKS5kYXRhKCkpOworICAgICAgICBjb25zdCBWZWN0b3I8VUNoYXI+JiBsb2NhbENoYWxs ZW5nZVdpZGUgPSBsb2NhbENoYWxsZW5nZS5jaGFyYWN0ZXJzV2l0aE51bGxUZXJtaW5hdGlvbigp OworICAgICAgICByZXF1ZXN0SW5mby5wd3N6Q2hhbGxlbmdlU3RyaW5nID0gY29uc3RfY2FzdDx3 Y2hhcl90Kj4obG9jYWxDaGFsbGVuZ2VXaWRlLmRhdGEoKSk7CiAKICAgICAgICAgQ1JZUFRfQUxH T1JJVEhNX0lERU5USUZJRVIgc2lnbkFsZ28gPSB7IDAgfTsKICAgICAgICAgc2lnbkFsZ28ucHN6 T2JqSWQgPSBzek9JRF9SU0FfU0hBMVJTQTsK