Bug 130900 - Null pointer crash in String::append(UChar).
Summary: Null pointer crash in String::append(UChar).
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-28 10:04 PDT by peavo
Modified: 2014-03-28 10:59 PDT (History)
5 users

See Also:


Attachments
Patch (1.42 KB, patch)
2014-03-28 10:11 PDT, peavo
no flags

Description peavo 2014-03-28 10:04:36 PDT
A couple of days ago, I was getting many null pointer crashes in String::append(UChar).
This can happen if the string is empty (m_impl member == 0), and it is called with a character value less than or equal to 0xff.
In the first line of the method, the is8Bit() method will then be called, which accesses the m_impl member, which is null, causing a crash.
This can be fixed by first checking if the m_impl member is null, in the same way as in the method String::append(LChar).
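The crash pattern described in the report, and the null check that fixes it, reduced to a self-contained illustration. This is an added example and not WebKit's code: MiniString and MiniStringImpl are hypothetical stand-ins for WTF::String and WTF::StringImpl, storing either Latin-1 or UTF-16 units behind a pointer that is null while the string is empty.

```cpp
// Added example (not WebKit's code): a miniature string whose implementation
// pointer is null when empty, reproducing the null dereference the report
// describes in append(UChar) and the fix of checking m_impl first.
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

using LChar = uint8_t;   // Latin-1 code unit
using UChar = uint16_t;  // UTF-16 code unit

// Hypothetical stand-in for StringImpl: 8-bit or 16-bit storage.
struct MiniStringImpl {
    bool is8Bit = false;
    std::vector<LChar> chars8;   // used when is8Bit
    std::vector<UChar> chars16;  // used otherwise

    static std::unique_ptr<MiniStringImpl> create8(LChar c) {
        auto impl = std::make_unique<MiniStringImpl>();
        impl->is8Bit = true;
        impl->chars8.push_back(c);
        return impl;
    }
    static std::unique_ptr<MiniStringImpl> create16(UChar c) {
        auto impl = std::make_unique<MiniStringImpl>();
        impl->is8Bit = false;
        impl->chars16.push_back(c);
        return impl;
    }
    size_t length() const { return is8Bit ? chars8.size() : chars16.size(); }
    UChar at(size_t i) const { return is8Bit ? chars8[i] : chars16[i]; }
    // Widen 8-bit storage to 16-bit in place; no-op if already 16-bit.
    void upgradeTo16Bit() {
        if (!is8Bit) return;
        chars16.assign(chars8.begin(), chars8.end());
        chars8.clear();
        is8Bit = false;
    }
};

// Hypothetical stand-in for String.
class MiniString {
public:
    MiniString() = default;  // empty string: m_impl stays null

    size_t length() const { return m_impl ? m_impl->length() : 0; }
    // Like the real is8Bit(), this dereferences m_impl unconditionally.
    bool is8Bit() const { return m_impl->is8Bit; }
    UChar at(size_t i) const { return m_impl->at(i); }

    // Pattern from the report: the 8-bit fast path consults is8Bit() before
    // anything has checked m_impl, so an empty string plus a character
    // <= 0xff dereferences null. Kept only for contrast with append().
    void appendBeforeFix(UChar c) {
        if (c <= 0xff && is8Bit()) {  // null dereference when m_impl is null
            m_impl->chars8.push_back(static_cast<LChar>(c));
            return;
        }
        appendAs16Bit(c);
    }

    // Fixed pattern, mirroring append(LChar): handle a null m_impl first.
    void append(UChar c) {
        if (!m_impl) {
            m_impl = c <= 0xff ? MiniStringImpl::create8(static_cast<LChar>(c))
                               : MiniStringImpl::create16(c);
            return;
        }
        if (c <= 0xff && is8Bit()) {  // m_impl is known non-null here
            m_impl->chars8.push_back(static_cast<LChar>(c));
            return;
        }
        appendAs16Bit(c);
    }

private:
    void appendAs16Bit(UChar c) {
        if (!m_impl) { m_impl = MiniStringImpl::create16(c); return; }
        m_impl->upgradeTo16Bit();
        m_impl->chars16.push_back(c);
    }
    std::unique_ptr<MiniStringImpl> m_impl;
};

// Scenarios that return results rather than crash, so they can be checked.
bool appendLatin1ToEmpty() {  // the exact case that crashed before the fix
    MiniString s;
    s.append(0x61);  // 'a', <= 0xff, on an empty string
    return s.length() == 1 && s.is8Bit() && s.at(0) == 0x61;
}
bool appendWideToEmpty() {
    MiniString s;
    s.append(0x20AC);  // euro sign, > 0xff
    return s.length() == 1 && !s.is8Bit() && s.at(0) == 0x20AC;
}
bool appendUpgradesStorage() {
    MiniString s;
    s.append(0x61);
    s.append(0x20AC);  // forces the 8-bit impl to widen
    return s.length() == 2 && !s.is8Bit() && s.at(0) == 0x61 && s.at(1) == 0x20AC;
}
bool beforeFixWorksOnlyWhenNonEmpty() {
    MiniString s;
    s.append(0x61);
    s.appendBeforeFix(0x62);  // safe only because m_impl is already set
    return s.length() == 2 && s.is8Bit() && s.at(1) == 0x62;
}

int main() {
    std::printf("append('a') to empty: %s\n", appendLatin1ToEmpty() ? "ok" : "FAIL");
    std::printf("append(U+20AC) to empty: %s\n", appendWideToEmpty() ? "ok" : "FAIL");
    std::printf("8-bit to 16-bit upgrade: %s\n", appendUpgradesStorage() ? "ok" : "FAIL");
    return 0;
}
```

Calling appendBeforeFix on a default-constructed MiniString with a character at or below 0xff is the reported crash; the scenario functions deliberately avoid that call, and the fixed append handles the empty case by creating the implementation before any is8Bit() check.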
Comment 1 peavo 2014-03-28 10:11:06 PDT
Created attachment 228061 [details]
Patch
Comment 2 Michael Saboff 2014-03-28 10:22:08 PDT
Comment on attachment 228061 [details]
Patch

r=me
Comment 3 peavo 2014-03-28 10:29:11 PDT
(In reply to comment #2)
> (From update of attachment 228061 [details])
> r=me

Thanks!
Comment 4 WebKit Commit Bot 2014-03-28 10:59:23 PDT
Comment on attachment 228061 [details]
Patch

Clearing flags on attachment: 228061

Committed r166414: <http://trac.webkit.org/changeset/166414>
Comment 5 WebKit Commit Bot 2014-03-28 10:59:27 PDT
All reviewed patches have been landed.  Closing bug.