Bug 224942

Summary: [WTF] Undefined behavior warning in StringBuilder::allocateBuffer
Product: WebKit Reporter: Lauro Moura <lmoura>
Component: Web Template Framework
Assignee: Lauro Moura <lmoura>
Status: RESOLVED FIXED    
Severity: Normal CC: aperez, benjamin, bugs-noreply, cdumez, cmarcelo, darin, ews-watchlist, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description         Flags
Patch               none
Patch for landing   none

Description Lauro Moura 2021-04-22 12:49:28 PDT
../../Source/WTF/wtf/text/StringBuilder.cpp:115:16: runtime error: null pointer passed as argument 2, which is declared to never be null

This occurs 24 times running the TestWTF executable

To reproduce:

- Compile with UBSan enabled with the following cmake arg: -DENABLE_SANITIZERS=undefined
  - ./Tools/Scripts/build-webkit --use-icecream --release --gtk --cmakeargs="-DENABLE_SANITIZERS=undefined"
- Run the StringBuilder append check:
  - ./Tools/Scripts/webkit-flatpak --flatpak-verbose --release -c WebKitBuild/GTK/Release/bin/TestWebKitAPI/TestWTF --gtest_filter=StringBuilderTest.Append
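The shape of the bug, as an added example that is not WebKit code: a constructed Buffer8 type with an invented growth policy stands in for StringBuilder's 8-bit buffer, whose pointer is null until the first allocation. The pre-fix copy is kept beside the guarded one for comparison; built stand-alone with -fsanitize=undefined against glibc headers (which declare memcpy's pointer parameters nonnull), the unguarded form produces the same "null pointer passed as argument 2" report quoted above, even though the size it passes is zero.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>

// Constructed stand-in for the 8-bit buffer behind StringBuilder: the pointer stays
// null until the first allocation, which is the state the sanitizer complains about.
struct Buffer8 {
    uint8_t* characters = nullptr;
    size_t length = 0;
    size_t capacity = 0;

    Buffer8() = default;
    Buffer8(const Buffer8&) = delete;
    Buffer8& operator=(const Buffer8&) = delete;
    ~Buffer8() { std::free(characters); }
};

// Growth policy for this example only (16 bytes, then doubling); not WebKit's.
static size_t grownCapacity(size_t current, size_t required) {
    size_t capacity = current ? current : 16;
    while (capacity < required)
        capacity *= 2;
    return capacity;
}

// Pre-fix shape of the copy. Called on an empty builder it hands memcpy
// (newBuffer, nullptr, 0): the size is zero, but memcpy's pointer parameters are
// declared nonnull, so the call is undefined behaviour and UBSan reports
// "null pointer passed as argument 2". Kept for comparison; never called below.
[[maybe_unused]] static void allocateBufferUnguarded(Buffer8& builder, size_t requiredCapacity) {
    size_t newCapacity = grownCapacity(builder.capacity, requiredCapacity);
    auto* newBuffer = static_cast<uint8_t*>(std::malloc(newCapacity));
    if (!newBuffer)
        std::abort();
    std::memcpy(newBuffer, builder.characters, builder.length); // UB when characters is null
    std::free(builder.characters);
    builder.characters = newBuffer;
    builder.capacity = newCapacity;
}

// Fixed shape: copy only when there is something to copy, in the scoped form
// suggested in the review below.
static void allocateBuffer(Buffer8& builder, size_t requiredCapacity) {
    size_t newCapacity = grownCapacity(builder.capacity, requiredCapacity);
    auto* newBuffer = static_cast<uint8_t*>(std::malloc(newCapacity));
    if (!newBuffer)
        std::abort();
    if (auto length = builder.length)
        std::memcpy(newBuffer, builder.characters, length);
    std::free(builder.characters);
    builder.characters = newBuffer;
    builder.capacity = newCapacity;
}

static void append(Buffer8& builder, const char* text, size_t textLength) {
    // Same hazard from the other side: appending "" to an empty builder would
    // otherwise hand memcpy a null destination with size 0.
    if (!textLength)
        return;
    if (builder.capacity - builder.length < textLength)
        allocateBuffer(builder, builder.length + textLength);
    std::memcpy(builder.characters + builder.length, text, textLength);
    builder.length += textLength;
}

template <size_t N>
static void appendLiteral(Buffer8& builder, const char (&literal)[N]) {
    append(builder, literal, N - 1);
}

static std::string contents(const Buffer8& builder) {
    if (!builder.length)
        return std::string();
    return std::string(reinterpret_cast<const char*>(builder.characters), builder.length);
}

// Build with: clang++ -std=c++17 -g -fsanitize=undefined ubsan_memcpy.cpp
int main() {
    Buffer8 builder;
    appendLiteral(builder, "");                      // nothing allocated, nothing copied
    appendLiteral(builder, "foo");                   // first allocation: zero-length copy skipped
    appendLiteral(builder, "bar");                   // fits in place
    appendLiteral(builder, "0123456789abcdef0123");  // forces a regrow with a real copy
    return contents(builder) == "foobar0123456789abcdef0123" ? 0 : 1;
}
```

The guard is not only about quieting the sanitizer: GCC and Clang treat a nonnull parameter as a promise about the argument and may delete later null checks on the same pointer (GCC's -Wnonnull-compare exists to flag exactly that), so a zero-length copy from a null source can change how surrounding code is compiled.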
Comment 1 Lauro Moura 2021-04-22 13:10:27 PDT
Created attachment 426843 [details]
Patch
Comment 2 Chris Dumez 2021-04-22 13:17:15 PDT
Comment on attachment 426843 [details]
Patch

r=me
Comment 3 Darin Adler 2021-04-22 14:58:52 PDT
Comment on attachment 426843 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=426843&action=review

> Source/WTF/wtf/text/StringBuilder.cpp:118
> +    auto length = m_length.unsafeGet();
> +    if (length)
> +        std::memcpy(m_bufferCharacters8, currentCharacters, length);
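Review bot: the guard keys on the length rather than on currentCharacters, which is the right condition (memcpy's pointer parameters are declared nonnull, so the call is undefined for a null source even when the size is 0), but the invariant it relies on, that currentCharacters is non-null whenever m_length is non-zero, is left implicit; an ASSERT(currentCharacters || !length) next to the guard would document it, and since this buffer is the 8-bit one (m_bufferCharacters8), the 16-bit sibling copy in allocateBuffer, if there is one, needs the same zero-length guard or the sanitizer report will simply move there.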

OK as is, but can be done without the local variable:

    if (m_length)
        std::memcpy(m_bufferCharacters8, currentCharacters, m_length.unsafeGet());

If you really like the local, slightly nicer if it’s scoped:

    if (auto length = m_length.unsafeGet())
        std::memcpy(m_bufferCharacters8, currentCharacters, length);
Comment 4 Lauro Moura 2021-04-22 21:38:52 PDT
Created attachment 426886 [details]
Patch for landing
Comment 5 EWS 2021-04-22 22:06:50 PDT
Committed r276485 (236944@main): <https://commits.webkit.org/236944@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 426886 [details].
Comment 6 Radar WebKit Bug Importer 2021-04-23 01:17:11 PDT
<rdar://problem/77061394>