Bug 190187

Summary: Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, cdumez, cmarcelo, commit-queue, darin, dbates, ews-watchlist, fpizlo, jfbastien, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 190392    
Attachments:
Description Flags
proposed patch.
none
proposed patch. none

Mark Lam
Reported 2018-10-01 23:44:06 PDT
<rdar://problem/42512909>
Attachments
proposed patch. (15.19 KB, patch)
2018-10-02 13:59 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
proposed patch. (15.47 KB, patch)
2018-10-02 14:43 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2018-10-02 13:06:42 PDT
*** Bug 165790 has been marked as a duplicate of this bug. ***
Mark Lam
Comment 2 2018-10-02 13:59:01 PDT
Created attachment 351437 [details] proposed patch. Let's get some EWS testing first.
Mark Lam
Comment 3 2018-10-02 14:43:20 PDT
Created attachment 351441 [details] proposed patch.
Mark Lam
Comment 4 2018-10-02 15:55:22 PDT
Comment on attachment 351441 [details] proposed patch. I think this is ready for a code review. Let's get some feedback.
Darin Adler
Comment 5 2018-10-02 18:29:40 PDT
Comment on attachment 351441 [details] proposed patch. How did you chose INT_MAX over UINT_MAX?
Mark Lam
Comment 6 2018-10-02 19:02:21 PDT
(In reply to Darin Adler from comment #5) > Comment on attachment 351441 [details] > proposed patch. > > How did you chose INT_MAX over UINT_MAX? 1. Most of the existing code (and tests) are already configured to check and test for a limit of INT_MAX. 2. We don't gain much by switching to UINT_MAX, because I don't think anyone would reasonably expect to work with a 2G (let alone 4G) length string except for realistic workloads. The only times when one would typically work with strings that large are either for testing edge cases, or for malicious purposes in an attempt to break the system. 3. I ran the choices by Filip, and he chose INT_MAX. We can certainly make UINT_MAX work, but I suspect it will be a larger change (possibly with greater risk of bugs) and it doesn't buy us much.
Mark Lam
Comment 7 2018-10-02 19:04:35 PDT
(In reply to Mark Lam from comment #6) > 2. We don't gain much by switching to UINT_MAX, because I don't think anyone > would reasonably expect to work with a 2G (let alone 4G) length string > except for realistic workloads. Sorry, that's a typo: the "except" should not be there. I meant to say "I don't think anyone would reasonably expect to work with a 2G (let alone 4G) length string for realistic workloads."
Michael Saboff
Comment 8 2018-10-03 11:01:31 PDT
Comment on attachment 351441 [details] proposed patch. r=me
Mark Lam
Comment 9 2018-10-03 11:02:53 PDT
Comment on attachment 351441 [details] proposed patch. Thanks for the review. Landing now.
WebKit Commit Bot
Comment 10 2018-10-03 11:29:03 PDT
Comment on attachment 351441 [details] proposed patch. Clearing flags on attachment: 351441 Committed r236804: <https://trac.webkit.org/changeset/236804>
WebKit Commit Bot
Comment 11 2018-10-03 11:29:05 PDT
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 12 2018-10-07 21:24:40 PDT
Comment on attachment 351441 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=351441&action=review > Source/WTF/wtf/text/StringConcatenate.h:145 > + RELEASE_ASSERT(length <= String::MaxLength); This seems not quite right. Either we are safe and no one could ever pass a super-colossal string, so we don’t need this RELEASE_ASSERT, or we aren’t safe, in which case we need to make sure that length didn’t overflow above, because some super-colossal strings could overflow. Same thinking applies above in the LChar version of this adapter.
Mark Lam
Comment 13 2018-10-07 22:02:32 PDT
Comment on attachment 351441 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=351441&action=review >> Source/WTF/wtf/text/StringConcatenate.h:145 >> + RELEASE_ASSERT(length <= String::MaxLength); > > This seems not quite right. > > Either we are safe and no one could ever pass a super-colossal string, so we don’t need this RELEASE_ASSERT, or we aren’t safe, in which case we need to make sure that length didn’t overflow above, because some super-colossal strings could overflow. > > Same thinking applies above in the LChar version of this adapter. Good catch. The length check was never correct to begin with. This RELEASE_ASSERT is bug compatible with the previous code. I'll create a new patch with a fix. Thanks again for the catch.
Mark Lam
Comment 14 2018-10-08 21:52:42 PDT
(In reply to Darin Adler from comment #12) > Comment on attachment 351441 [details] > proposed patch. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=351441&action=review > > > Source/WTF/wtf/text/StringConcatenate.h:145 > > + RELEASE_ASSERT(length <= String::MaxLength); > > This seems not quite right. I'll fix this in https://bugs.webkit.org/show_bug.cgi?id=190392.
Note You need to log in before you can comment on or make changes to this bug.