79135 2012-02-21 11:49:58 -0800 equalIgnoringNullity() only comparing half the bytes for equality 2012-02-21 16:19:16 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 tsepez tsepez abarth webkit.review.bot oldest_to_newest 561101 0 tsepez 2012-02-21 11:49:58 -0800 In WebKit/Source/JavaScriptCore/wtf/text/StringImpl.h:731 template<size_t inlineCapacity> bool equalIgnoringNullity(const Vector<UChar, inlineCapacity>& a, StringImpl* b) { if (!b) return !a.size(); if (a.size() != b->length()) return false; return !memcmp(a.data(), b->characters(), b->length()); } Which will memcmp() exactly half the bytes since sizeof UChar is 2. This only gets called from XSSAuditor, and owing to absence of unit tests, the way to test this is via an XSSAuditor test. 561163 1 128029 tsepez 2012-02-21 13:06:29 -0800 Created attachment 128029 Patch plus change to make test flunk without the patch. 561173 2 abarth 2012-02-21 13:21:06 -0800 Did you look at other uses of memcmp in that file to make sure they were ok ? 561187 3 tsepez 2012-02-21 13:43:31 -0800 Just checked that its the only use in the .h, and in the .cpp, the two uses multiply by the size of the templated chartype. 561351 4 128029 webkit.review.bot 2012-02-21 16:19:11 -0800 Comment on attachment 128029 Patch plus change to make test flunk without the patch. Clearing flags on attachment: 128029 Committed r108412: <http://trac.webkit.org/changeset/108412> 561353 5 webkit.review.bot 2012-02-21 16:19:16 -0800 All reviewed patches have been landed. Closing bug. 128029 2012-02-21 13:06:29 -0800 2012-02-21 16:19:11 -0800 Patch plus change to make test flunk without the patch. patch_79135.txt text/plain 2593 tsepez SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTA4Mzg2KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBA CisyMDEyLTAyLTIxICBUb20gU2VwZXogIDx0c2VwZXpAY2hyb21pdW0ub3JnPgorCisgICAgICAg IGVxdWFsSWdub3JpbmdOdWxsaXR5KCkgb25seSBjb21wYXJpbmcgaGFsZiB0aGUgYnl0ZXMgZm9y IGVxdWFsaXR5CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD03OTEzNQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg ICogd3RmL3RleHQvU3RyaW5nSW1wbC5oOgorICAgICAgICAoV1RGOjplcXVhbElnbm9yaW5nTnVs bGl0eSk6CisKIDIwMTItMDItMjEgIFJvbGFuZCBUYWthY3MgIDx0YWthY3Mucm9sYW5kQHN0dWQu dS1zemVnZWQuaHU+CiAKICAgICAgICAgVW5uZWNlc3NhcnkgcHJlcHJvY2Vzc29yIG1hY3JvcyBp biBNYWluVGhyZWFkLmgvY3BwCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvd3RmL3RleHQv U3RyaW5nSW1wbC5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvdGV4 dC9TdHJpbmdJbXBsLmgJKHJldmlzaW9uIDEwODM4MSkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29y ZS93dGYvdGV4dC9TdHJpbmdJbXBsLmgJKHdvcmtpbmcgY29weSkKQEAgLTczNSw3ICs3MzUsNyBA QCBib29sIGVxdWFsSWdub3JpbmdOdWxsaXR5KGNvbnN0IFZlY3RvcjxVCiAgICAgICAgIHJldHVy biAhYS5zaXplKCk7CiAgICAgaWYgKGEuc2l6ZSgpICE9IGItPmxlbmd0aCgpKQogICAgICAgICBy ZXR1cm4gZmFsc2U7Ci0gICAgcmV0dXJuICFtZW1jbXAoYS5kYXRhKCksIGItPmNoYXJhY3RlcnMo KSwgYi0+bGVuZ3RoKCkpOworICAgIHJldHVybiAhbWVtY21wKGEuZGF0YSgpLCBiLT5jaGFyYWN0 ZXJzKCksIGItPmxlbmd0aCgpICogc2l6ZW9mKFVDaGFyKSk7CiB9CiAKIFdURl9FWFBPUlRfUFJJ VkFURSBpbnQgY29kZVBvaW50Q29tcGFyZShjb25zdCBTdHJpbmdJbXBsKiwgY29uc3QgU3RyaW5n SW1wbCopOwpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91 dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gMTA4Mzg2KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTIgQEAKKzIwMTItMDItMjEgIFRvbSBTZXBl eiAgPHRzZXBlekBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgZXF1YWxJZ25vcmluZ051bGxpdHko KSBvbmx5IGNvbXBhcmluZyBoYWxmIHRoZSBieXRlcyBmb3IgZXF1YWxpdHkKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTc5MTM1CisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5 L3hzc0F1ZGl0b3Ivc2NyaXB0LXRhZy5odG1sOgorCiAyMDEyLTAyLTIxICBDaHJpcyBGbGVpemFj aCAgPGNmbGVpemFjaEBhcHBsZS5jb20+CiAKICAgICAgICAgQVg6IG1vdmUgYXJpYS1pbnZhbGlk IHRlc3QgdG8gdG9wIGxldmVsLCBzbyBvdGhlciBwbGF0Zm9ybXMgY2FuIHVzZSBpdApJbmRleDog TGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL3NjcmlwdC10YWcuaHRt bAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0 b3Ivc2NyaXB0LXRhZy5odG1sCShyZXZpc2lvbiAxMDgzODEpCisrKyBMYXlvdXRUZXN0cy9odHRw L3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3Ivc2NyaXB0LXRhZy5odG1sCSh3b3JraW5nIGNvcHkp CkBAIC05LDcgKzksNyBAQCBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7CiA8L3Nj cmlwdD4KIDwvaGVhZD4KIDxib2R5PgotPGlmcmFtZSBzcmM9Imh0dHA6Ly9sb2NhbGhvc3Q6ODAw MC9zZWN1cml0eS94c3NBdWRpdG9yL3Jlc291cmNlcy9lY2hvLWludGVydGFnLnBsP3E9PHNjcmlw dD5hbGVydChTdHJpbmcuZnJvbUNoYXJDb2RlKDB4NTgsMHg1MywweDUzKSk8L3NjcmlwdD4iPgor PGlmcmFtZSBzcmM9Imh0dHA6Ly9sb2NhbGhvc3Q6ODAwMC9zZWN1cml0eS94c3NBdWRpdG9yL3Jl c291cmNlcy9lY2hvLWludGVydGFnLnBsP3E9PHNjcmFhYT48c2NyaWFhPjxzY3JpcGE+PHNjcmlw dD5hbGVydChTdHJpbmcuZnJvbUNoYXJDb2RlKDB4NTgsMHg1MywweDUzKSk8L3NjcmlwdD4iPgog PC9pZnJhbWU+CiA8L2JvZHk+CiA8L2h0bWw+Cg==