Bug 150931

Summary: TestWebKitAPI crashed in TestWebKitAPI: TestWebKitAPI::SharedBufferTest_copyBufferCreatedWithContentsOfExistingFile_Test::TestBody
Product: WebKit
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Tools / Tests
Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, commit-queue, darin, lforschler, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: Other
Hardware: Unspecified
OS: Unspecified
Attachments:
  Patch v1                      Flags: youennf: review+
  Patch to fix build failures   Flags: none

Description David Kilzer (:ddkilzer) 2015-11-05 06:54:05 PST
TestWebKitAPI crashed in TestWebKitAPI: TestWebKitAPI::SharedBufferTest_copyBufferCreatedWithContentsOfExistingFile_Test::TestBody with ASan enabled.

The bug is that strnstr() assumes the second argument is null-terminated, and the implementation of strnstr() on OS X calls strlen() on the second argument.  This causes an out-of-bounds read if the memory after the second argument doesn't happen to contain a NULL character.
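The hazard described in the report, as an added example that is not WebKit's code or the committed patch: strnstr(haystack, needle, len) bounds only the haystack, and the OS X implementation calls strlen() on the needle, so a needle that is a slice of a larger buffer with no terminator after it (the situation with file contents held in a SharedBuffer) is read past its end. The safe pattern is a search that takes an explicit length for both sides. The function names, the helper, and the sample byte block below are assumptions made for this illustration; the example implements its own bounded search rather than calling strnstr(), which is not available on every libc.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded substring search with explicit lengths on BOTH sides.
 * Unlike strnstr(haystack, needle, len), which bounds only the haystack and
 * calls strlen() on the needle, this never reads past needle + needle_len.
 * Returns a pointer into haystack, or NULL. An empty needle matches at 0. */
static const char *bounded_find(const char *haystack, size_t haystack_len,
                                const char *needle, size_t needle_len)
{
    if (needle_len == 0)
        return haystack;
    if (needle_len > haystack_len)
        return NULL;
    for (size_t i = 0; i + needle_len <= haystack_len; i++) {
        if (haystack[i] == needle[0]
            && memcmp(haystack + i, needle, needle_len) == 0)
            return haystack + i;
    }
    return NULL;
}

/* Offset of needle within haystack, or -1 when absent. */
static long bounded_find_offset(const char *haystack, size_t haystack_len,
                                const char *needle, size_t needle_len)
{
    const char *p = bounded_find(haystack, haystack_len, needle, needle_len);
    return p ? (long)(p - haystack) : -1;
}

/* Constructed input for this example: a 10-byte block with NO trailing '\0',
 * standing in for file contents that are not NUL-terminated. */
static const char kBlock[] = { 'a','b','c','d','e','f','g','h','i','j' };

/* The needle is a 4-byte window into the same block with no terminator after
 * it. Passing it to strnstr() would make strlen(needle) read past the block;
 * the bounded search stays within [needle, needle + 4). Returns 4. */
static long demo_find_slice_in_block(void)
{
    const char *haystack = kBlock;      /* 10 bytes, unterminated */
    const char *needle   = kBlock + 4;  /* bytes "efgh", unterminated */
    return bounded_find_offset(haystack, sizeof kBlock, needle, 4);
}

/* An unterminated needle that does not occur in the block. Returns -1. */
static long demo_needle_not_present(void)
{
    const char needle[3] = { 'x', 'y', 'z' };  /* unterminated on purpose */
    return bounded_find_offset(kBlock, sizeof kBlock, needle, sizeof needle);
}

int main(void)
{
    printf("slice found at offset %ld\n", demo_find_slice_in_block());
    printf("missing needle offset %ld\n", demo_needle_not_present());
    return 0;
}
```

Run under ASan (`clang -fsanitize=address`) the bounded version stays clean on both inputs, whereas the same needle handed to strnstr() on OS X trips the read-past-end report quoted in this bug.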
Comment 1 David Kilzer (:ddkilzer) 2015-11-05 06:54:17 PST
<rdar://problem/23409384>
Comment 2 David Kilzer (:ddkilzer) 2015-11-05 07:09:49 PST
Created attachment 264864 [details]
Patch v1
Comment 3 youenn fablet 2015-11-05 07:37:44 PST
Comment on attachment 264864 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=264864&action=review

> Tools/TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp:95
> +    EXPECT_GT(buffer->size(), 0);

Maybe EXPECT_TRUE(!!buffer->size()); will make mac bots happy?
Comment 4 Darin Adler 2015-11-05 08:36:20 PST
Comment on attachment 264864 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=264864&action=review

>> Tools/TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp:95
>> +    EXPECT_GT(buffer->size(), 0);
> 
> Maybe EXPECT_TRUE(!!buffer->size()); will make mac bots happy?

It’s also possible that 0U instead of 0 will work.
Comment 5 David Kilzer (:ddkilzer) 2015-11-05 14:05:39 PST
Created attachment 264881 [details]
Patch to fix build failures
Comment 6 David Kilzer (:ddkilzer) 2015-11-05 15:22:10 PST
Committed r192085: <http://trac.webkit.org/changeset/192085>