Bug 130900

Summary: Null pointer crash in String::append(UChar).
Product: WebKit Reporter: peavo
Component: Web Template FrameworkAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, bfulgham, cmarcelo, commit-queue, msaboff
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

peavo
Reported 2014-03-28 10:04:36 PDT
A couple of days ago, I was getting many null pointer crashes in String::append(UChar). This can happen if the string is empty (m_impl member == 0), and it is called with a character value less than or equal to 0xff. In the first line of the method, the is8Bit() method will then be called, which accesses the m_impl member, which is null, causing a crash. This can be fixed by first checking if the m_impl member is null, in the same way as in the method String::append(LChar).
Attachments
Patch (1.42 KB, patch)
2014-03-28 10:11 PDT, peavo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
peavo
Comment 1 2014-03-28 10:11:06 PDT
Created attachment 228061 [details] Patch
Michael Saboff
Comment 2 2014-03-28 10:22:08 PDT
Comment on attachment 228061 [details] Patch r=me
peavo
Comment 3 2014-03-28 10:29:11 PDT
(In reply to comment #2) > (From update of attachment 228061 [details]) > r=me Thanks!
WebKit Commit Bot
Comment 4 2014-03-28 10:59:23 PDT
Comment on attachment 228061 [details] Patch Clearing flags on attachment: 228061 Committed r166414: <http://trac.webkit.org/changeset/166414>
WebKit Commit Bot
Comment 5 2014-03-28 10:59:27 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.