[webkit-changes] [WebKit/WebKit] 7eeeca: [Hardening] Add bounds check to StringView::operat...
Chris Dumez
noreply at github.com
Sat Oct 21 14:17:07 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7eeecadfc0089a16915bad65ac206d82d16f5795
https://github.com/WebKit/WebKit/commit/7eeecadfc0089a16915bad65ac206d82d16f5795
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-10-21 (Sat, 21 Oct 2023)
Changed paths:
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/JavaScriptCore/runtime/JSStringJoiner.cpp
M Source/JavaScriptCore/runtime/PropertyName.h
M Source/WTF/wtf/text/StringImpl.h
M Source/WTF/wtf/text/StringView.h
Log Message:
-----------
[Hardening] Add bounds check to StringView::operator[]
https://bugs.webkit.org/show_bug.cgi?id=263491
Reviewed by Darin Adler.
Add bounds check to StringView::operator[] and StringView::charactersAt() as a
hardening measure.
This patch initially caused a performance regression on Speedometer and Jetstream.
I used a profiler to find the call sites in hot code paths and moved them away
from StringView::operator[].
As it stands, this patch is performance-neutral on Speedometer and Jetstream on
the various hardware models I A/B tested on.
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::toDouble):
(JSC::jsToNumber):
* Source/JavaScriptCore/runtime/JSStringJoiner.cpp:
(JSC::appendStringToData):
(JSC::joinStrings):
(JSC::JSStringJoiner::joinSlow):
* Source/JavaScriptCore/runtime/PropertyName.h:
(JSC::fastIsCanonicalNumericIndexString):
(JSC::isCanonicalNumericIndexString):
* Source/WTF/wtf/text/StringImpl.h:
(WTF::StringImpl::span8 const):
(WTF::StringImpl::span16 const):
* Source/WTF/wtf/text/StringView.h:
(WTF::StringView::characterAt const):
(WTF::StringView::unsafeCharacterAt const):
(WTF::StringView::CodeUnits::Iterator::operator* const):
(WTF::findCommon):
Canonical link: https://commits.webkit.org/269630@main
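The pattern the commit describes, as an added illustration that is not WebKit's code: a minimal string view whose `operator[]` and `characterAt()` verify the index and abort on failure, plus an `unsafeCharacterAt()` that skips the check for a hot loop whose bound was validated once up front. The class name `CheckedStringView`, the `isValidIndex()` predicate, `boundsCheckFailure()` and the `countDigits()` caller are all hypothetical names chosen for this example, not identifiers from the WebKit tree.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// Stand-in for a release-mode assertion: abort instead of reading past the end.
[[noreturn]] static void boundsCheckFailure(size_t index, size_t length) {
    std::fprintf(stderr, "index %zu out of bounds (length %zu)\n", index, length);
    std::abort();
}

// Hypothetical minimal string view (not WTF::StringView) showing the
// checked/unchecked split: operator[] and characterAt() are bounds-checked,
// unsafeCharacterAt() is reserved for call sites that already proved the range.
class CheckedStringView {
public:
    CheckedStringView(const char* chars, size_t length)
        : m_chars(chars), m_length(length) {}

    size_t length() const { return m_length; }

    // Predicate factored out so the check itself can be exercised without aborting.
    bool isValidIndex(size_t index) const { return index < m_length; }

    // Checked access: an out-of-range index terminates the process rather than
    // returning whatever byte happens to follow the buffer.
    char characterAt(size_t index) const {
        if (!isValidIndex(index))
            boundsCheckFailure(index, m_length);
        return m_chars[index];
    }
    char operator[](size_t index) const { return characterAt(index); }

    // Unchecked access for hot loops. Callers must have established index < length().
    char unsafeCharacterAt(size_t index) const { return m_chars[index]; }

private:
    const char* m_chars;
    size_t m_length;
};

// Typical hot-path rewrite: the loop bound is read once from length(), so every
// index the loop produces is in range and the per-access check is redundant.
size_t countDigits(CheckedStringView view) {
    size_t count = 0;
    const size_t length = view.length();
    for (size_t i = 0; i < length; ++i) {
        char c = view.unsafeCharacterAt(i); // i < length holds by the loop condition
        if (c >= '0' && c <= '9')
            ++count;
    }
    return count;
}

// Cold-path usage keeps the checked operator[]; the cost is irrelevant here.
bool startsWithDigit(CheckedStringView view) {
    if (view.length() == 0)
        return false;
    return view[0] >= '0' && view[0] <= '9';
}

int main() {
    const char sample[] = "abc123"; // constructed sample input
    CheckedStringView view(sample, sizeof(sample) - 1);
    std::printf("digits: %zu, starts with digit: %d\n",
                countDigits(view), startsWithDigit(view) ? 1 : 0);
    return 0;
}
```

The design choice mirrors the commit: the default accessor is the safe one, and the unchecked variant is opt-in with a name that flags it in review, so a grep for `unsafeCharacterAt` lists exactly the places whose range reasoning needs a second look.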