Bug 281917

Summary:	WTF::StringImpl::createSubstringSharingImpl() should use std::span instead of pointer math
Product:	WebKit	Reporter:	David Kilzer (:ddkilzer) <ddkilzer>
Component:	Web Template Framework	Assignee:	David Kilzer (:ddkilzer) <ddkilzer>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	Other
Hardware:	Unspecified
OS:	Unspecified
See Also:	https://bugs.webkit.org/show_bug.cgi?id=281892 https://bugs.webkit.org/show_bug.cgi?id=281919

David Kilzer (:ddkilzer)

Reported 2024-10-22 13:55:38 PDT

WTF::StringImpl::createSubstringSharingImpl() should use std::span instead of pointer math. Code like this avoids bounds checks: ``` if (substringSize >= allocationSize<LChar>(length)) return create(std::span { rep.m_data8 + offset, length }); ``` Found by std::span clang static analysis checker under development.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2024-10-22 13:56:16 PDT

<rdar://problem/138429112>

David Kilzer (:ddkilzer)

Comment 2 2024-10-22 13:59:23 PDT

Pull request: https://github.com/WebKit/WebKit/pull/35581

EWS

Comment 3 2024-10-22 18:31:59 PDT

Committed 285581@main (e36a18c89230): <https://commits.webkit.org/285581@main> Reviewed commits have been landed. Closing PR #35581 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.