[webkit-changes] [WebKit/WebKit] 42a202: [WTF] Add LIFETIME_BOUND to CString.h methods
Commit Queue
noreply at github.com
Thu Jan 9 17:36:32 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 42a2020bba6931e7c7d0d38cabf3f831bcf3bc94
https://github.com/WebKit/WebKit/commit/42a2020bba6931e7c7d0d38cabf3f831bcf3bc94
Author: David Kilzer <ddkilzer at apple.com>
Date: 2025-01-09 (Thu, 09 Jan 2025)
Changed paths:
M Source/JavaScriptCore/tools/VMInspector.cpp
M Source/WTF/wtf/text/CString.h
M Source/WTF/wtf/text/StringConcatenate.h
M Source/WTF/wtf/text/TextStream.cpp
M Source/WTF/wtf/text/TextStream.h
M Source/WebCore/platform/graphics/BitmapImage.h
M Source/WebCore/platform/graphics/BitmapImageSource.cpp
M Source/WebCore/platform/graphics/BitmapImageSource.h
M Source/WebCore/platform/graphics/ImageFrameAnimator.cpp
M Source/WebCore/platform/graphics/ImageFrameAnimator.h
M Source/WebCore/platform/graphics/ImageFrameWorkQueue.cpp
Log Message:
-----------
[WTF] Add LIFETIME_BOUND to CString.h methods
<https://bugs.webkit.org/show_bug.cgi?id=280809>
<rdar://137179585>
Reviewed by Darin Adler.
* Source/JavaScriptCore/tools/VMInspector.cpp:
(JSC::VMInspector::dumpRegisters):
- Fix use-after-free by storing CString on the stack instead of the
const char* pointer.
* Source/WTF/wtf/text/CString.h:
- Add LIFETIME_BOUND attributes to methods that return pointers or
references to inner data.
* Source/WTF/wtf/text/StringConcatenate.h:
(WTF::StringTypeAdapter<CString, void>): Add.
* Source/WTF/wtf/text/TextStream.cpp:
(WTF::TextStream::operator<<): Add.
* Source/WTF/wtf/text/TextStream.h:
(WTF::TextStream::operator<<): Add.
- Add support for CString objects.
* Source/WebCore/platform/graphics/BitmapImage.h:
(WebCore::BitmapImage::sourceUTF8 const):
* Source/WebCore/platform/graphics/BitmapImageSource.cpp:
(WebCore::BitmapImageSource::destroyDecodedData):
(WebCore::BitmapImageSource::stopDecodingWorkQueue):
(WebCore::BitmapImageSource::decode):
(WebCore::BitmapImageSource::imageFrameDecodeAtIndexHasFinished):
(WebCore::BitmapImageSource::requestNativeImageAtIndex):
(WebCore::BitmapImageSource::requestNativeImageAtIndexIfNeeded):
(WebCore::BitmapImageSource::nativeImageAtIndexCacheIfNeeded):
(WebCore::BitmapImageSource::sourceUTF8 const):
* Source/WebCore/platform/graphics/BitmapImageSource.h:
(WebCore::BitmapImageSource::sourceUTF8 const):
* Source/WebCore/platform/graphics/ImageFrameAnimator.cpp:
(WebCore::ImageFrameAnimator::startAnimation):
(WebCore::ImageFrameAnimator::advanceAnimation):
(WebCore::ImageFrameAnimator::sourceUTF8 const):
* Source/WebCore/platform/graphics/ImageFrameAnimator.h:
(WebCore::ImageFrameAnimator::sourceUTF8 const):
* Source/WebCore/platform/graphics/ImageFrameWorkQueue.cpp:
(WebCore::ImageFrameWorkQueue::start):
(WebCore::ImageFrameWorkQueue::stop):
- Change return type of sourceUTF8() methods to CString to keep the
string alive until it's needed for logging. This fixes the
use-after-free in the original BitmapImage::sourceUTF8() method.
- Add call to CString::data() when logging.
Originally-landed-as: 283286.185@safari-7620-branch (fb73615833e6). rdar://141323047
Canonical link: https://commits.webkit.org/288678@main
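The two fixes in this commit (returning a CString by value from sourceUTF8() and keeping a CString on the stack in VMInspector::dumpRegisters) share one root cause: a const char* obtained from a temporary CString outlives the temporary. The following is an added example, not code from the commit or from WebKit; MiniCString, MiniString, BitmapImageLike and the two describe* helpers are hypothetical stand-ins for WTF::CString, WTF::String::utf8() and the BitmapImage logging call sites, written so the buggy and fixed shapes can be compared side by side. The LIFETIME_BOUND macro mirrors how WebKit spells clang's [[clang::lifetimebound]] attribute; the buggy forms are kept under #if 0 so the block compiles cleanly, with a comment noting the diagnostic clang emits when they are enabled.

```cpp
// Added example (not WebKit code): a minimal model of WTF::CString showing why
// data() is marked LIFETIME_BOUND and why sourceUTF8() now returns the CString
// by value instead of a const char* into a temporary.
#include <cassert>
#include <string>
#include <utility>

// Same spelling WebKit uses; expands to clang's attribute when the compiler
// supports it and to nothing otherwise.
#ifdef __has_cpp_attribute
#  if __has_cpp_attribute(clang::lifetimebound)
#    define LIFETIME_BOUND [[clang::lifetimebound]]
#  endif
#endif
#ifndef LIFETIME_BOUND
#  define LIFETIME_BOUND
#endif

// Hypothetical stand-in for WTF::CString: owns its buffer, so data() is only
// valid while the owning object is alive. LIFETIME_BOUND on the implicit
// object parameter lets clang diagnose a pointer that escapes a temporary.
class MiniCString {
public:
    MiniCString() = default;
    explicit MiniCString(std::string s) : m_buffer(std::move(s)) { }
    const char* data() const LIFETIME_BOUND { return m_buffer.c_str(); }
    size_t length() const { return m_buffer.size(); }
private:
    std::string m_buffer;
};

// Hypothetical stand-in for WTF::String::utf8(): every call materialises a
// fresh CString, which is exactly why "return utf8().data()" dangles.
class MiniString {
public:
    explicit MiniString(std::string s) : m_chars(std::move(s)) { }
    MiniCString utf8() const { return MiniCString(m_chars); }
private:
    std::string m_chars;
};

// Hypothetical stand-in for BitmapImage / BitmapImageSource / ImageFrameAnimator.
class BitmapImageLike {
public:
    explicit BitmapImageLike(std::string url) : m_sourceURL(std::move(url)) { }

#if 0
    // Shape of the bug the commit fixes: the CString produced by utf8() is
    // destroyed at the ';', so the returned pointer is dangling. With
    // LIFETIME_BOUND on data(), clang reports -Wreturn-stack-address here.
    const char* sourceUTF8() const { return m_sourceURL.utf8().data(); }
#endif

    // Fixed shape: return the CString by value so the caller owns the buffer.
    MiniCString sourceUTF8() const { return m_sourceURL.utf8(); }

private:
    MiniString m_sourceURL;
};

// Caller side, VMInspector style: holding the CString on the stack keeps the
// buffer alive for as long as the const char* is used.
std::string describeForLog(const BitmapImageLike& image)
{
    MiniCString source = image.sourceUTF8();   // owns the buffer
    std::string line = "BitmapImage source=";
    line += source.data();                     // fine: source is still alive
    return line;
}

// Also fine: consuming data() inside a single full-expression, which is how
// the logging call sites in the commit use sourceUTF8().data(). The temporary
// CString lives until the end of the full-expression.
std::string describeInline(const BitmapImageLike& image)
{
    return std::string("BitmapImage source=") + image.sourceUTF8().data();
}

#if 0
// Caller-side version of the same bug. With LIFETIME_BOUND on data(), clang
// emits -Wdangling: the temporary is destroyed at the end of the full-expression.
void describeBroken(const BitmapImageLike& image)
{
    const char* p = image.sourceUTF8().data();   // dangling after this line
    std::string line = std::string("BitmapImage source=") + p;   // use-after-free
}
#endif

int main()
{
    BitmapImageLike image("https://example.test/logo.png");   // constructed sample
    assert(describeForLog(image) == "BitmapImage source=https://example.test/logo.png");
    assert(describeInline(image) == describeForLog(image));
    return 0;
}
```

Flipping either #if 0 to #if 1 and compiling with clang shows the diagnostics the attribute buys; without LIFETIME_BOUND the same code compiles silently and only a sanitizer or a crash reveals the dangling pointer.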