RESOLVED FIXED309163
REGRESSION(308608@main): [JSC] Clang 21 reports unsafe buffer usage warnings 
https://bugs.webkit.org/show_bug.cgi?id=309163
Summary REGRESSION(308608@main): [JSC] Clang 21 reports unsafe buffer usage warnings
Adrian Perez
Reported 2026-03-04 07:13:46 PST
They are listed as warnings because I was building without -Werror. Bots didn't catch this because they use Clang 18 and these diagnostics have been improving since. We should tackle those before updating the Clang version used by the bots, because they build with -Werror: ../Source/JavaScriptCore/API/glib/JSCContext.cpp:882:98: warning: the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information [-Wunsafe-buffer-usage-in-container] 882 | JSValueRef result = evaluateScriptInContext(context->priv->jsContext.get(), String::fromUTF8(std::span(code, length < 0 ? strlen(code) : length)), uri, lineNumber, &exception); | ^ ../Source/JavaScriptCore/API/glib/JSCContext.cpp:882:127: warning: function 'strlen' is unsafe [-Wunsafe-buffer-usage-in-libc-call] 882 | JSValueRef result = evaluateScriptInContext(context->priv->jsContext.get(), String::fromUTF8(std::span(code, length < 0 ? strlen(code) : length)), uri, lineNumber, &exception); | ^~~~~~~~~~~~ ../Source/JavaScriptCore/API/glib/JSCContext.cpp:922:87: warning: the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information [-Wunsafe-buffer-usage-in-container] 922 | JSValueRef result = evaluateScriptInContext(objectContext.get(), String::fromUTF8(std::span(code, length < 0 ? strlen(code) : length)), uri, lineNumber, &exception); | ^ ../Source/JavaScriptCore/API/glib/JSCContext.cpp:922:116: warning: function 'strlen' is unsafe [-Wunsafe-buffer-usage-in-libc-call] 922 | JSValueRef result = evaluateScriptInContext(objectContext.get(), String::fromUTF8(std::span(code, length < 0 ? strlen(code) : length)), uri, lineNumber, &exception); | ^~~~~~~~~~~~ ../Source/JavaScriptCore/API/glib/JSCContext.cpp:982:63: warning: the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information [-Wunsafe-buffer-usage-in-container] 982 | JSC::SourceCode source = JSC::makeSource(String::fromUTF8(std::span(code, length < 0 ? strlen(code) : length)), JSC::SourceOrigin { sourceURL }, JSC::SourceTaintedOrigin::Untainted, | ^ ../Source/JavaScriptCore/API/glib/JSCContext.cpp:982:92: warning: function 'strlen' is unsafe [-Wunsafe-buffer-usage-in-libc-call] 982 | JSC::SourceCode source = JSC::makeSource(String::fromUTF8(std::span(code, length < 0 ? strlen(code) : length)), JSC::SourceOrigin { sourceURL }, JSC::SourceTaintedOrigin::Untainted, | ^~~~~~~~~~~~ 6 warnings generated.
Attachments
Add attachment proposed patch, testcase, etc.
Adrian Perez
Comment 1 2026-03-04 07:16:25 PST
Pull request: https://github.com/WebKit/WebKit/pull/59889
EWS
Comment 2 2026-03-05 02:23:59 PST
Committed 308689@main (d93be1ab7ae7): <https://commits.webkit.org/308689@main> Reviewed commits have been landed. Closing PR #59889 and removing active labels.
Radar WebKit Bug Importer
Comment 3 2026-03-05 02:24:12 PST
<rdar://problem/171794956>
Note You need to log in before you can comment on or make changes to this bug.