Bug 141352 - ASan complains about plugins/snapshotting/snapshot-plugin-not-quite-blocked-by-image.html
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Alexey Proskuryakov
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2015-02-06 23:25 PST by Alexey Proskuryakov
Modified: 2015-02-07 12:56 PST

See Also:


Attachments
proposed fix (1.38 KB, patch), 2015-02-06 23:31 PST, Alexey Proskuryakov, no flags

Description Alexey Proskuryakov 2015-02-06 23:25:43 PST
ASan complains about an out-of-bounds read on plugins/snapshotting/snapshot-plugin-not-quite-blocked-by-image.html

rdar://problem/19717490
Comment 1 Alexey Proskuryakov 2015-02-06 23:31:57 PST
Created attachment 246200 [details]
proposed fix
Comment 2 Alexey Proskuryakov 2015-02-07 11:36:50 PST
I'm going to assume that the Windows EWS failure is a random flake. The actual error is not visible in the truncated log.
Comment 3 WebKit Commit Bot 2015-02-07 12:21:29 PST
Comment on attachment 246200 [details]
proposed fix

Clearing flags on attachment: 246200

Committed r179783: <http://trac.webkit.org/changeset/179783>
Comment 4 WebKit Commit Bot 2015-02-07 12:21:36 PST
All reviewed patches have been landed. Closing bug.
Comment 5 Darin Adler 2015-02-07 12:55:46 PST
Comment on attachment 246200 [details]
proposed fix

View in context: https://bugs.webkit.org/attachment.cgi?id=246200&action=review

> Source/WebCore/dom/Document.cpp:6274
> +        jsString = String(plugInsJavaScript, sizeof(plugInsJavaScript));
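Review bot: sizeof(plugInsJavaScript) is only the right length for this String constructor while plugInsJavaScript remains a character array in this translation unit whose every byte is script text; if a trailing NUL is ever added to the array, the NUL becomes part of the string, and if the declaration ever becomes a pointer, sizeof silently yields the pointer size instead of the script length. Since the explicit length argument is what keeps the read inside the array for the out-of-bounds issue this bug tracks, a comment at the declaration stating that the array is not NUL-terminated and that its full size is the script length would make the invariant visible to the next person who touches either side.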

It would be more efficient to call StringImpl::createWithoutCopying here instead of the String constructor. No need to copy the file.
Comment 6 Darin Adler 2015-02-07 12:56:02 PST
Comment on attachment 246200 [details]
proposed fix

View in context: https://bugs.webkit.org/attachment.cgi?id=246200&action=review

>> Source/WebCore/dom/Document.cpp:6274
>> +        jsString = String(plugInsJavaScript, sizeof(plugInsJavaScript));
> 
> It would be more efficient to call StringImpl::createWithoutCopying here instead of the String constructor. No need to copy the file.

Copy the characters, I mean.