224942 – [WTF] Undefined behavior warning in StringBuilder::allocateBuffer

Bug 224942 - [WTF] Undefined behavior warning in StringBuilder::allocateBuffer

Summary: [WTF] Undefined behavior warning in StringBuilder::allocateBuffer

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Web Template Framework (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Lauro Moura

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-04-22 12:49 PDT by Lauro Moura
Modified:	2021-04-23 01:17 PDT (History)
CC List:	8 users (show)

See Also:

Attachments
Patch (1.53 KB, patch) 2021-04-22 13:10 PDT, Lauro Moura	no flags	Details \| Formatted Diff \| Diff
Patch for landing (1.47 KB, patch) 2021-04-22 21:38 PDT, Lauro Moura	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lauro Moura 2021-04-22 12:49:28 PDT

../../Source/WTF/wtf/text/StringBuilder.cpp:115:16: runtime error: null pointer passed as argument 2, which is declared to never be null

This occurs 24 times running the TestWTF executable

To reproduce:

- Compile with usban enabled with the following cmake arg: -DENABLE_SANITIZERS=undefined"
  - ./Tools/Scripts/build-webkit --use-icecream --release --gtk --cmakeargs="-DENABLE_SANITIZERS=undefined"
- Run the stringbuilder append check:
  - ./Tools/Scripts/webkit-flatpak --flatpak-verbose --release -c WebKitBuild/GTK/Release/bin/TestWebKitAPI/TestWTF --gtest_filter=StringBuilderTest.Append

Comment 1 Lauro Moura 2021-04-22 13:10:27 PDT

Created attachment 426843 [details]
Patch

Comment 2 Chris Dumez 2021-04-22 13:17:15 PDT

Comment on attachment 426843 [details]
Patch

r=me

Comment 3 Darin Adler 2021-04-22 14:58:52 PDT

Comment on attachment 426843 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=426843&action=review

> Source/WTF/wtf/text/StringBuilder.cpp:118
> +    auto length = m_length.unsafeGet();
> +    if (length)
> +        std::memcpy(m_bufferCharacters8, currentCharacters, length);

OK as is, but can be done without the local variable:

    if (m_length)
        std::memcpy(m_bufferCharacters8, currentCharacters, m_length.unsafeGet());

If you really like the local, slightly nicer if it’s scoped:

    if (auto length = m_length.unsafeGet())
        std::memcpy(m_bufferCharacters8, currentCharacters, length);

Comment 4 Lauro Moura 2021-04-22 21:38:52 PDT

Created attachment 426886 [details]
Patch for landing

Comment 5 EWS 2021-04-22 22:06:50 PDT

Committed r276485 (236944@main): <https://commits.webkit.org/236944@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 426886 [details].

Comment 6 Radar WebKit Bug Importer 2021-04-23 01:17:11 PDT

<rdar://problem/77061394>