Created attachment 74408 [details] Patch

Comment on attachment 74408 [details] Patch r=me

+ // We need to be sure we can double the length without overflowing. + // Since the passed-in length is the length of an actual existing + // string, and we can guarantee that doesn't occupy the entire + // address space, we can just assert here and there's no need for + // a runtime check. + ASSERT(length <= numeric_limits<size_t>::max() / 2); This comment isn't sufficient for me to understand. If the existing string takes 51% of address space, why doesn't doubling that cause an overflow?

(In reply to comment #3) > This comment isn't sufficient for me to understand. If the existing string takes 51% of address space, why doesn't doubling that cause an overflow? The _existing_ string is length*2 bytes large, so we know that length*2 fits in the address space.

(In reply to comment #3) > + // We need to be sure we can double the length without overflowing. > + // Since the passed-in length is the length of an actual existing > + // string, and we can guarantee that doesn't occupy the entire > + // address space, we can just assert here and there's no need for > + // a runtime check. > + ASSERT(length <= numeric_limits<size_t>::max() / 2); > > This comment isn't sufficient for me to understand. If the existing string takes 51% of address space, why doesn't doubling that cause an overflow? If the string’s length was the same as 51% of the address space, the string’s size would be 102% of the address space, since characters are two bytes each. I should refine the comment to make this clearer.

Committed r72831: <http://trac.webkit.org/changeset/72831>