RESOLVED FIXED202152
Address static analysis warning in Allocator.cpp: Null pointer argument in call to memory copy function 
https://bugs.webkit.org/show_bug.cgi?id=202152
Summary Address static analysis warning in Allocator.cpp: Null pointer argument in ca...
Keith Rollin
Reported 2019-09-24 11:57:47 PDT
Xcode's static analysis facility flags the following: .../OpenSource/Source/bmalloc/bmalloc/Allocator.cpp:98:5: warning: Null pointer argument in call to memory copy function memcpy(result, object, copySize); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://en.cppreference.com/w/cpp/string/byte/memcpy explains that this is undefined behavior: "If either dest or src is a null pointer, the behavior is undefined, even if count is zero." I suppose that passing in a null source pointer could be bad if the implementation fetched the first source byte to copy before actually checking the number of bytes to copy. So far, it doesn’t seem to be an issue, but we should clean this up. Simply adding "if (result && object)" before the memcpy will add tests and branches in the hot path of this function and so might not be the best solution. Instead, add a little bit of duplicate code earlier in the function at a place where we already know that "object" is NULL.
Attachments
Patch (2.73 KB, patch)
2019-09-24 12:00 PDT, Keith Rollin 		no flags
DetailsFormatted DiffDiff
Patch (2.75 KB, patch)
2019-09-24 14:30 PDT, Keith Rollin 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2019-09-24 11:58:02 PDT
<rdar://problem/55671444>
Keith Rollin
Comment 2 2019-09-24 12:00:56 PDT
Created attachment 379463 [details] Patch
Geoffrey Garen
Comment 3 2019-09-24 13:20:48 PDT
Comment on attachment 379463 [details] Patch I kinda think "if (!object) return allocateImpl(newSize, action);" at the top of the function would read better. Then you can remove the ASSERT that nullptr is a small object too. This function is starting too feel a little too branch-y and early return-y to follow. And there shouldn't be any cost to an up-front null check.
Keith Rollin
Comment 4 2019-09-24 14:30:45 PDT
Created attachment 379492 [details] Patch
Keith Rollin
Comment 5 2019-09-24 14:31:40 PDT
Updated as Geoff describes.
Geoffrey Garen
Comment 6 2019-09-24 16:12:30 PDT
Comment on attachment 379492 [details] Patch r=me
WebKit Commit Bot
Comment 7 2019-09-24 17:14:06 PDT
Comment on attachment 379492 [details] Patch Clearing flags on attachment: 379492 Committed r250325: <https://trac.webkit.org/changeset/250325>
WebKit Commit Bot
Comment 8 2019-09-24 17:14:08 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.