Bug 128068

Summary: graphics/StringTruncator.cpp:172: possible bad array index ?
Product: WebKit
Component: Platform
Status: RESOLVED INVALID
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Reporter: David Binderman <dcb314>
Assignee: Nobody <webkit-unassigned>
CC: ahmad.saleem792, ap, dbates

Description David Binderman 2014-02-02 00:28:42 PST
I just ran the static analyser "cppcheck" over the source
code of webkitgtk-2.3.4

It said many things, including

[Source/WebCore/platform/graphics/StringTruncator.cpp:172]: (style) Array index 'adjustedStartIndex' is used before limits check.

Source code is

    // Strip single character after ellipsis character, when that character is preceded by a space
    if (adjustedStartIndex < length && string[adjustedStartIndex] != space
        && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space)
        ++adjustedStartIndex;

Maybe

    if (adjustedStartIndex < length && string[adjustedStartIndex] != space
        && adjustedStartIndex > 0 && string[adjustedStartIndex - 1] == space)

would be better code
Comment 1 Daniel Bates 2014-02-19 13:34:58 PST
(In reply to comment #0)
> I just ran the static analyser "cppcheck" over the source
> code of webkitgtk-2.3.4
> 
> It said many things, including
> 
> [Source/WebCore/platform/graphics/StringTruncator.cpp:172]: (style) Array index 'adjustedStartIndex' is used before limits check.
> 
> Source code is
> 
>     // Strip single character after ellipsis character, when that character is preceded by a space
>     if (adjustedStartIndex < length && string[adjustedStartIndex] != space
>         && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space)
>         ++adjustedStartIndex;
> 
> Maybe
> 
>     if (adjustedStartIndex < length && string[adjustedStartIndex] != space
>         && adjustedStartIndex > 0 && string[adjustedStartIndex - 1] == space)
> 
> would be better code

I'm unclear how your proposed change would work given the omission of the body of the if-statement.
Comment 2 Ahmad Saleem 2023-05-27 16:05:11 PDT
We still have this code:

https://searchfox.org/wubkat/source/Source/WebCore/platform/graphics/StringTruncator.cpp#178

Do we need to action anything?
Comment 3 Alexey Proskuryakov 2023-05-27 16:36:57 PDT
I don't think that any action is needed. Maybe this code can be rewritten to be slightly nicer, but it's reasonable to only check for buffer overrun here, not for underrun.
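The condition quoted in comment 0 relies on left-to-right short-circuit evaluation: `string[adjustedStartIndex]` is only evaluated once `adjustedStartIndex < length` has held, and `string[adjustedStartIndex + 1]` only once `adjustedStartIndex < length - 1` has held, which is why the cppcheck report is a false positive and why, as comment 3 says, only the overrun check is needed. The following is an added example, not WebKit's code, that reproduces the quoted condition against a constructed `TracedString` wrapper (a hypothetical stand-in for WebKit's `String`) which records every index read and throws on any out-of-range read, so the edge cases (index at `length - 1`, at `length`, and an empty string where `length - 1` would wrap) can be checked directly:

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

namespace {

// Constructed stand-in for WebKit's String (hypothetical, not the real class):
// every index read is recorded, and a read at or past length() throws instead
// of silently touching memory outside the buffer.
class TracedString {
public:
    explicit TracedString(std::string chars) : m_chars(std::move(chars)) { }
    size_t length() const { return m_chars.size(); }
    char operator[](size_t i) const
    {
        if (i >= m_chars.size())
            throw std::out_of_range("read past end of string");
        m_reads.push_back(i);
        return m_chars[i];
    }
    const std::vector<size_t>& reads() const { return m_reads; }

private:
    std::string m_chars;
    mutable std::vector<size_t> m_reads;
};

const char space = ' ';

} // namespace

// Hypothetical helper mirroring the condition quoted in comment 0 (not WebKit's
// function). Returns the possibly advanced index; when readsOut is given, it
// receives the indices that were actually read.
size_t stripCharacterAfterEllipsis(const std::string& text, size_t adjustedStartIndex,
                                   std::vector<size_t>* readsOut = nullptr)
{
    TracedString string(text);
    size_t length = string.length();

    // Each subscript sits to the right of the bound that protects it, and && does
    // not evaluate its right operand when the left one is false. For length == 0
    // the first comparison already fails, so `length - 1` is never computed and
    // its unsigned wrap-around is harmless.
    if (adjustedStartIndex < length && string[adjustedStartIndex] != space
        && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space)
        ++adjustedStartIndex;

    if (readsOut)
        *readsOut = string.reads();
    return adjustedStartIndex;
}

// True if evaluating the condition for this input reads only indices in [0, length).
bool readsStayInBounds(const std::string& text, size_t adjustedStartIndex)
{
    std::vector<size_t> reads;
    try {
        stripCharacterAfterEllipsis(text, adjustedStartIndex, &reads);
    } catch (const std::out_of_range&) {
        return false;
    }
    for (size_t i : reads) {
        if (i >= text.size())
            return false;
    }
    return true;
}
```

Running `readsStayInBounds` with the index equal to `length - 1`, equal to `length`, and against an empty string shows no out-of-range read in any case; the only index ever touched beyond `adjustedStartIndex` is `adjustedStartIndex + 1`, and that read is guarded by the preceding `adjustedStartIndex < length - 1` test.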