Out of bounds read in IdentifierArena::makeIdentifier
Alexey says: IdentifierArena::makeIdentifier is sometimes called with an empty string, in which case it creates the identifier from garbage memory.

Steps to reproduce:
1. Add ASSERT(length > 0); to IdentifierArena::makeIdentifier.
2. Open https://bugs.webkit.org/enter_bug.cgi?product=WebKit

Results: the assertion fails.

This out of bounds read is not harmless, because the value affects logic in this function, and then goes into an actual identifier. IdentifierArena::makeIdentifierLCharFromUChar has the same problem.
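As an added, constructed illustration of the defect described above (not WebKit's code and not the committed patch), the hypothetical makeIdentifierBuggy below decides a bucket from characters[0] before checking length, while makeIdentifierFixed handles the empty case first; kStaleBuffer stands in for whatever bytes happen to sit at the pointer when an empty string is passed.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical stand-in for an arena identifier record: the first character
// selects a bucket, so a garbage first byte changes program logic, which is
// the point the report makes about the read not being harmless.
struct IdentifierRecord {
    std::string text;
    bool firstCharIsDigitBucket;
};

// BUGGY form: reads characters[0] regardless of length. For length == 0 that
// byte is not part of the identifier at all; the decision is made from it anyway.
static IdentifierRecord makeIdentifierBuggy(const char* characters, size_t length)
{
    bool digitBucket = characters[0] >= '0' && characters[0] <= '9'; // out of bounds when length == 0
    return { std::string(characters, length), digitBucket };
}

// FIXED form: the empty identifier is handled before any character is read,
// and the read that follows is guarded by the same condition the report's
// ASSERT(length > 0) checks.
static IdentifierRecord makeIdentifierFixed(const char* characters, size_t length)
{
    if (length == 0)
        return { std::string(), false };
    assert(length > 0);
    bool digitBucket = characters[0] >= '0' && characters[0] <= '9';
    return { std::string(characters, length), digitBucket };
}

// Constructed input: a valid buffer whose first byte is the digit '7', passed
// with length 0 to model an empty string sitting in front of stale data.
static const char kStaleBuffer[] = "7stale";

// The buggy version lets the stale byte pick the digit bucket for an empty
// identifier; the fixed version does not look at it.
static bool buggyReadsStaleByte() { return makeIdentifierBuggy(kStaleBuffer, 0).firstCharIsDigitBucket; }
static bool fixedIgnoresStaleByte() { return makeIdentifierFixed(kStaleBuffer, 0).firstCharIsDigitBucket; }

int main()
{
    std::printf("buggy: digit bucket for empty string = %d\n", buggyReadsStaleByte());
    std::printf("fixed: digit bucket for empty string = %d\n", fixedIgnoresStaleByte());
    return 0;
}
```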
<rdar://problem/19437703>
Created attachment 244479: Patch
Comment on attachment 244479 (Patch): Alexey wrote and tested this patch. I tested it some more, and reviewed it.
Committed r178311: <http://trac.webkit.org/changeset/178311>