[webkit-changes] [WebKit/WebKit] 25cee5: Regression(288466 at main) ASSERT(valueLength > 0) is...
Chris Dumez
noreply at github.com
Wed Jan 8 22:18:14 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 25cee58a0e3b7acd0c1fd3271753b193a368fdd7
https://github.com/WebKit/WebKit/commit/25cee58a0e3b7acd0c1fd3271753b193a368fdd7
Author: Chris Dumez <cdumez at apple.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
A LayoutTests/http/tests/text/font-preloading-via-header-empty-value-crash-expected.txt
A LayoutTests/http/tests/text/font-preloading-via-header-empty-value-crash.html
A LayoutTests/http/tests/text/resources/font-preloading-via-header-empty-value-crash-iframe.py
M Source/WebCore/loader/LinkHeader.cpp
Log Message:
-----------
Regression(288466 at main) ASSERT(valueLength > 0) is hit in parseParameterValue()
https://bugs.webkit.org/show_bug.cgi?id=285640
rdar://142559962
Reviewed by Ryosuke Niwa.
In 288466 at main, I updated LinkHeader.cpp's parseParameterValue() to address unsafe buffer warnings.
One of the changes made was to stop using pointer arithmetic and use an index in the span instead.
However, I made a mistake and converted this assertion:
```
ASSERT(valueEnd >= valueStart);
```
into
```
ASSERT(valueLength > 0);
```
The equivalent check would have been `valueLength >= 0`, but since `valueLength` is of unsigned
type, it is always true. Therefore, I am dropping the assertion. We already make sure that
`valueLength` is non-zero whenever we decrement it.
* LayoutTests/http/tests/text/font-preloading-via-header-empty-value-crash-expected.txt: Added.
* LayoutTests/http/tests/text/font-preloading-via-header-empty-value-crash.html: Added.
* LayoutTests/http/tests/text/resources/font-preloading-via-header-empty-value-crash-iframe.py: Added.
* Source/WebCore/loader/LinkHeader.cpp:
(WebCore::parseParameterValue):
Canonical link: https://commits.webkit.org/288635@main
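
The pattern the log message describes, as an added example that is not part of the commit and is not WebKit's code: `trimParameterValue()` and `isSpace()` are hypothetical, simplified stand-ins for index-based trimming of a Link header parameter value. Every decrement of the unsigned length is guarded by a non-zero check, so an empty value needs no assertion on the length.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <type_traits>

// Hypothetical helper (assumption, not a WebKit function).
static bool isSpace(char c) { return c == ' ' || c == '\t'; }

// Hypothetical, simplified trimming of a parameter value using a start index
// and an unsigned length instead of start/end pointers.
std::string trimParameterValue(const std::string& input)
{
    // With pointers, `valueEnd >= valueStart` is a real invariant. With an
    // unsigned length, `valueLength >= 0` can never fail, and `valueLength > 0`
    // wrongly rejects a legitimately empty value.
    static_assert(std::is_unsigned<size_t>::value, "length is unsigned");

    size_t valueStart = 0;
    size_t valueLength = input.size();

    // Leading whitespace: the non-zero check runs before any read or decrement.
    while (valueLength && isSpace(input[valueStart])) {
        ++valueStart;
        --valueLength;
    }
    // Trailing whitespace: same guard, so the length cannot wrap around.
    while (valueLength && isSpace(input[valueStart + valueLength - 1]))
        --valueLength;

    // Strip one pair of surrounding quotes only when both characters exist.
    if (valueLength >= 2 && input[valueStart] == '"'
        && input[valueStart + valueLength - 1] == '"') {
        ++valueStart;
        valueLength -= 2;
    }
    return input.substr(valueStart, valueLength);
}

int main()
{
    // Constructed sample inputs, including the empty-value cases.
    const char* samples[] = { "", "   ", "\"\"", " \"font\" ", "font" };
    for (const char* s : samples)
        std::printf("[%s] -> [%s]\n", s, trimParameterValue(s).c_str());
    return 0;
}
```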