Bug 128068

Summary: graphics/StringTruncator.cpp:172: possible bad array index ?
Product: WebKit Reporter: David Binderman <dcb314>
Component: PlatformAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: ahmad.saleem792, ap, dbates
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   

David Binderman
Reported 2014-02-02 00:28:42 PST
I just ran the static analyser "cppcheck" over the source code of webkitgtk-2.3.4 It said many things, including [Source/WebCore/platform/graphics/StringTruncator.cpp:172]: (style) Array index 'adjustedStartIndex' is used before limits check. Source code is // Strip single character after ellipsis character, when that character is preceded by a space if (adjustedStartIndex < length && string[adjustedStartIndex] != space && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space) ++adjustedStartIndex; Maybe if (adjustedStartIndex < length && string[adjustedStartIndex] != space && adjustedStartIndex > 0 && string[adjustedStartIndex - 1] == space) would be better code
Attachments
Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2014-02-19 13:34:58 PST
(In reply to comment #0) > I just ran the static analyser "cppcheck" over the source > code of webkitgtk-2.3.4 > > It said many things, including > > [Source/WebCore/platform/graphics/StringTruncator.cpp:172]: (style) Array index 'adjustedStartIndex' is used before limits check. > > Source code is > > // Strip single character after ellipsis character, when that character is preceded by a space > if (adjustedStartIndex < length && string[adjustedStartIndex] != space > && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space) > ++adjustedStartIndex; > > Maybe > > if (adjustedStartIndex < length && string[adjustedStartIndex] != space > && adjustedStartIndex > 0 && string[adjustedStartIndex - 1] == space) > > would be better code I'm unclear how your proposed change would work given the omission of the body of the if-statement.
Ahmad Saleem
Comment 2 2023-05-27 16:05:11 PDT
We still have this code: https://searchfox.org/wubkat/source/Source/WebCore/platform/graphics/StringTruncator.cpp#178 Do we need to action anything?
Alexey Proskuryakov
Comment 3 2023-05-27 16:36:57 PDT
I don't think that any action is needed. Maybe this code can be rewritten to be slightly nicer, but it's reasonable to only check for buffer overrun here, not for underrun.
Note You need to log in before you can comment on or make changes to this bug.