RESOLVED INVALID 128068
graphics/StringTruncator.cpp:172: possible bad array index ?
https://bugs.webkit.org/show_bug.cgi?id=128068
David Binderman
Reported 2014-02-02 00:28:42 PST
I just ran the static analyser "cppcheck" over the source code of webkitgtk-2.3.4

It said many things, including

[Source/WebCore/platform/graphics/StringTruncator.cpp:172]: (style) Array index 'adjustedStartIndex' is used before limits check.

Source code is

    // Strip single character after ellipsis character, when that character is preceded by a space
    if (adjustedStartIndex < length && string[adjustedStartIndex] != space
        && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space)
        ++adjustedStartIndex;

Maybe

    if (adjustedStartIndex < length && string[adjustedStartIndex] != space
        && adjustedStartIndex > 0 && string[adjustedStartIndex - 1] == space)

would be better code
Daniel Bates
Comment 1 2014-02-19 13:34:58 PST
(In reply to comment #0)
> I just ran the static analyser "cppcheck" over the source
> code of webkitgtk-2.3.4
>
> It said many things, including
>
> [Source/WebCore/platform/graphics/StringTruncator.cpp:172]: (style) Array index 'adjustedStartIndex' is used before limits check.
>
> Source code is
>
> // Strip single character after ellipsis character, when that character is preceded by a space
> if (adjustedStartIndex < length && string[adjustedStartIndex] != space
>     && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space)
>     ++adjustedStartIndex;
>
> Maybe
>
> if (adjustedStartIndex < length && string[adjustedStartIndex] != space
>     && adjustedStartIndex > 0 && string[adjustedStartIndex - 1] == space)
>
> would be better code

I'm unclear how your proposed change would work given the omission of the body of the if-statement.
Ahmad Saleem
Comment 2 2023-05-27 16:05:11 PDT
Alexey Proskuryakov
Comment 3 2023-05-27 16:36:57 PDT
I don't think that any action is needed. Maybe this code can be rewritten to be slightly nicer, but it's reasonable to only check for buffer overrun here, not for underrun.
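Added example, not part of the bug thread or of WebKit's source: the condition quoted in comment 0 is run against a bounds-checked buffer at every start index, next to an index-first ordering of the kind the warning text describes. `CheckedBuffer`, `staysInBounds` and `adjustIndexFirst` are hypothetical names, the sample strings are constructed, and `size_t` is an assumed type for `length` and `adjustedStartIndex`.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>

// Constructed test harness: a buffer whose operator[] throws on any read
// outside [0, size), so an unguarded index is caught instead of being UB.
struct CheckedBuffer {
    std::string data;
    char operator[](size_t i) const {
        if (i >= data.size()) throw std::out_of_range("read outside buffer");
        return data[i];
    }
};

// Condition quoted in comment 0, with size_t assumed for both variables.
size_t adjustReported(const CheckedBuffer& string, size_t adjustedStartIndex) {
    const char space = ' ';
    const size_t length = string.data.size();
    if (adjustedStartIndex < length && string[adjustedStartIndex] != space
        && adjustedStartIndex < length - 1 && string[adjustedStartIndex + 1] == space)
        ++adjustedStartIndex;
    return adjustedStartIndex;
}

// The ordering the warning text describes: index first, limit check second.
size_t adjustIndexFirst(const CheckedBuffer& string, size_t i) {
    if (string[i] != ' ' && i < string.data.size())
        ++i;
    return i;
}

// Runs f over constructed inputs at every start index from 0 to size + 1.
template <typename F> bool staysInBounds(F f) {
    const char* samples[] = {"", " ", "a", "a b", "ab ", " ab", "a  b"};
    try {
        for (const char* s : samples) {
            CheckedBuffer buf{s};
            for (size_t i = 0; i <= buf.data.size() + 1; ++i) f(buf, i);
        }
    } catch (const std::out_of_range&) {
        return false;
    }
    return true;
}

int main() {
    std::printf("reported: %d, index-first: %d\n", staysInBounds(adjustReported), staysInBounds(adjustIndexFirst));
}
```

With an unsigned `length`, `length - 1` wraps when the string is empty, but short-circuit evaluation means that comparison is only reached after `adjustedStartIndex < length` has already succeeded.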