[webkit-changes] [WebKit/WebKit] 292b12: REGRESSION(286813@main): buffer-overrun in StringB...
Chris Dumez
noreply at github.com
Thu Jan 23 11:10:06 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 292b123640f83789ad52fa5191470df9af7182d7
https://github.com/WebKit/WebKit/commit/292b123640f83789ad52fa5191470df9af7182d7
Author: Chris Dumez <cdumez at apple.com>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M Source/WTF/wtf/text/StringBuilder.cpp
M Source/WTF/wtf/text/StringBuilderInternals.h
Log Message:
-----------
REGRESSION(286813@main): buffer-overrun in StringBuilder::shrink
https://bugs.webkit.org/show_bug.cgi?id=286411
rdar://143495334

Reviewed by Darin Adler.

When calling StringBuilder::shrink(), we call allocateBuffer() to
allocate a smaller buffer. However, we were passing a span containing
ALL existing characters to copy, instead of just the ones that need
to be copied after shrinking.

* Source/WTF/wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::shrink):
* Source/WTF/wtf/text/StringBuilderInternals.h:
(WTF::StringBuilder::allocateBuffer):

Canonical link: https://commits.webkit.org/289304@main
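
The copy-size mismatch described in the log message, modeled on a toy builder. This is an added example, not code from the WebKit commit; ToyBuilder, CharSpan, reallocate and both shrink functions are hypothetical names. It shows a caller passing every existing character to a smaller allocation, which a size check in the allocator rejects, beside a caller that passes only the prefix that survives the shrink.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Toy model for illustration only; not WebKit's StringBuilder.
struct CharSpan { const char* data; size_t size; };

class ToyBuilder {
public:
    explicit ToyBuilder(const std::string& s) : m_buffer(s.begin(), s.end()), m_length(s.size()) { }

    // Caller pattern from the log message: the span handed to the allocator
    // still covers ALL existing characters, not just the ones being kept.
    bool shrinkPassingAll(size_t newLength) {
        CharSpan all = { m_buffer.data(), m_length };
        return reallocate(all, newLength);
    }

    // Corrected caller: copy only the characters that survive the shrink.
    bool shrinkPassingPrefix(size_t newLength) {
        if (newLength > m_length) return false;
        CharSpan prefix = { m_buffer.data(), newLength };
        return reallocate(prefix, newLength);
    }

    std::string str() const { return std::string(m_buffer.begin(), m_buffer.begin() + m_length); }
    size_t capacity() const { return m_buffer.size(); }

private:
    // Hypothetical allocator helper. Without the size check, the memcpy
    // below would write past the end of `fresh` for an oversized span.
    bool reallocate(CharSpan toCopy, size_t capacity) {
        if (toCopy.size > capacity)
            return false; // refuse instead of overrunning the new buffer
        std::vector<char> fresh(capacity);
        if (toCopy.size)
            std::memcpy(fresh.data(), toCopy.data, toCopy.size);
        m_buffer.swap(fresh);
        m_length = toCopy.size;
        return true;
    }

    std::vector<char> m_buffer;
    size_t m_length;
};

int main() { ToyBuilder b("hello world"); return b.shrinkPassingPrefix(5) && b.str() == "hello" ? 0 : 1; }
```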