Bug 224942 - [WTF] Undefined behavior warning in StringBuilder::allocateBuffer
Summary: [WTF] Undefined behavior warning in StringBuilder::allocateBuffer
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Lauro Moura
Keywords: InRadar
Depends on:
Reported: 2021-04-22 12:49 PDT by Lauro Moura
Modified: 2021-04-23 01:17 PDT
CC: 8 users

See Also:

Attachments:
- Patch (1.53 KB, patch), 2021-04-22 13:10 PDT, Lauro Moura, no flags
- Patch for landing (1.47 KB, patch), 2021-04-22 21:38 PDT, Lauro Moura, no flags

Description Lauro Moura 2021-04-22 12:49:28 PDT
../../Source/WTF/wtf/text/StringBuilder.cpp:115:16: runtime error: null pointer passed as argument 2, which is declared to never be null

This occurs 24 times running the TestWTF executable

To reproduce:

- Compile with ubsan enabled with the following cmake arg: -DENABLE_SANITIZERS=undefined
  - ./Tools/Scripts/build-webkit --use-icecream --release --gtk --cmakeargs="-DENABLE_SANITIZERS=undefined"
- Run the stringbuilder append check:
  - ./Tools/Scripts/webkit-flatpak --flatpak-verbose --release -c WebKitBuild/GTK/Release/bin/TestWebKitAPI/TestWTF --gtest_filter=StringBuilderTest.Append
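The report above is the classic "memcpy with a null source and length 0" case: libc declares memcpy's pointer parameters non-null, so the call is undefined behaviour even when no bytes would be copied, and an empty builder whose character pointer is still null hits it on its first growth. The following is an added example (not WebKit or WTF code; TinyBuilder8, checkedMemcpy and the other names are illustrative) that reproduces the shape of the bug and the fix that landed: the sanitizer's nonnull-attribute check is simulated by a wrapper that throws, the unguarded allocateBuffer reaches it on the first append, and the guarded version skips the copy when there is nothing to copy while still copying on later growths.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for UBSan's nonnull-attribute check. The real build with
// -fsanitize=undefined reports "null pointer passed as argument 2" at runtime;
// here the same condition is surfaced as an exception so it can be asserted on.
struct NullPointerArgument : std::logic_error {
    NullPointerArgument() : std::logic_error("null pointer passed to memcpy") {}
};

static void* checkedMemcpy(void* dst, const void* src, std::size_t n) {
    if (!dst || !src)
        throw NullPointerArgument();  // UB even when n == 0
    return std::memcpy(dst, src, n);
}

// Minimal 8-bit builder (illustrative, not WTF::StringBuilder). An empty builder
// has m_characters == nullptr and m_length == 0, which is exactly the state that
// makes an unguarded copy in allocateBuffer pass a null source to memcpy.
class TinyBuilder8 {
public:
    explicit TinyBuilder8(bool guardCopy) : m_guardCopy(guardCopy) {}
    ~TinyBuilder8() { delete[] m_characters; }
    TinyBuilder8(const TinyBuilder8&) = delete;
    TinyBuilder8& operator=(const TinyBuilder8&) = delete;

    void append(const char* s, std::size_t n) {
        if (m_length + n > m_capacity)
            allocateBuffer(growTo(m_length + n));
        checkedMemcpy(m_characters + m_length, s, n);  // buffer is non-null here
        m_length += n;
    }

    std::string str() const { return std::string(m_characters, m_characters + m_length); }

private:
    static std::size_t growTo(std::size_t needed) { return needed < 16 ? 16 : needed * 2; }

    void allocateBuffer(std::size_t capacity) {
        const char* currentCharacters = m_characters;  // nullptr on the first growth
        std::unique_ptr<char[]> newBuffer(new char[capacity]);
        if (m_guardCopy) {
            // The fix from this bug: only copy when there is something to copy,
            // so memcpy never sees the null source pointer of an empty builder.
            if (m_length)
                checkedMemcpy(newBuffer.get(), currentCharacters, m_length);
        } else {
            // Before the fix: memcpy(newBuffer, nullptr, 0) on the first growth.
            checkedMemcpy(newBuffer.get(), currentCharacters, m_length);
        }
        delete[] m_characters;
        m_characters = newBuffer.release();
        m_capacity = capacity;
    }

    bool m_guardCopy;
    char* m_characters = nullptr;
    std::size_t m_length = 0;
    std::size_t m_capacity = 0;
};

// True when the first append on an empty builder reaches memcpy with a null
// source, i.e. when UBSan would report the bug.
bool firstAppendHitsNullMemcpy(bool guardCopy) {
    TinyBuilder8 builder(guardCopy);
    try {
        builder.append("abc", 3);
    } catch (const NullPointerArgument&) {
        return true;
    }
    return false;
}

// Builds across two reallocations with the guard in place; the second growth
// has 15 characters to preserve, so the guard must not skip that copy.
std::string buildWithGuard() {
    TinyBuilder8 builder(true);
    builder.append("StringBuilder", 13);
    builder.append("::", 2);
    builder.append("allocateBuffer", 14);
    return builder.str();
}

int main() {
    bool ok = firstAppendHitsNullMemcpy(false)      // unguarded: UB reached
        && !firstAppendHitsNullMemcpy(true)          // guarded: clean
        && buildWithGuard() == "StringBuilder::allocateBuffer";
    return ok ? 0 : 1;
}
```

Building this with `-fsanitize=undefined` and replacing checkedMemcpy by plain std::memcpy reproduces the sanitizer report from the description; without the sanitizer the unguarded call usually runs silently, which is why the bug only showed up in the ubsan TestWTF run.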
Comment 1 Lauro Moura 2021-04-22 13:10:27 PDT
Created attachment 426843
Comment 2 Chris Dumez 2021-04-22 13:17:15 PDT
Comment on attachment 426843

Comment 3 Darin Adler 2021-04-22 14:58:52 PDT
Comment on attachment 426843

View in context: https://bugs.webkit.org/attachment.cgi?id=426843&action=review

> Source/WTF/wtf/text/StringBuilder.cpp:118
> +    auto length = m_length.unsafeGet();
> +    if (length)
> +        std::memcpy(m_bufferCharacters8, currentCharacters, length);
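Review bot: the guard keys on the length, not on the pointer that UBSan flagged (argument 2, currentCharacters); that is the right condition, since a null source with a nonzero length would be a genuine bug that should still fault, but without a one-line comment saying that memcpy's pointer arguments must be non-null even when the length is 0, a later cleanup could drop the `if` as redundant and reintroduce the report. The quoted hunk only covers the m_bufferCharacters8 copy; if allocateBuffer has a 16-bit counterpart that copies into m_bufferCharacters16 the same way, it needs the same guard in this patch.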

OK as is, but can be done without the local variable:

    if (m_length)
        std::memcpy(m_bufferCharacters8, currentCharacters, m_length.unsafeGet());

If you really like the local, slightly nicer if it’s scoped:

    if (auto length = m_length.unsafeGet())
        std::memcpy(m_bufferCharacters8, currentCharacters, length);
Comment 4 Lauro Moura 2021-04-22 21:38:52 PDT
Created attachment 426886
Patch for landing
Comment 5 EWS 2021-04-22 22:06:50 PDT
Committed r276485 (236944@main): <https://commits.webkit.org/236944@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 426886.
Comment 6 Radar WebKit Bug Importer 2021-04-23 01:17:11 PDT