[webkit-reviews] review denied: [Bug 127424] Crashes in setTextForIterator : [Attachment 221864] Patch
bugzilla-daemon at webkit.org
Wed Jan 22 10:38:43 PST 2014
Brent Fulgham <bfulgham at webkit.org> has denied peavo at outlook.com's request for
review:
Bug 127424: Crashes in setTextForIterator
https://bugs.webkit.org/show_bug.cgi?id=127424
Attachment 221864: Patch
https://bugs.webkit.org/attachment.cgi?id=221864&action=review
------- Additional Comments from Brent Fulgham <bfulgham at webkit.org>
Looking through the code, there are numerous places where sizeof(buffer) is
used, and others where UTextWithBufferInlineCapacity is used.

I think the right fix is to change all the cases of
"UTextWithBufferInlineCapacity + 1" to just "UTextWithBufferInlineCapacity".
Otherwise, I am concerned that our iterator math will be wrong in some cases
resulting in undefined behavior.

The only concern I have with my suggestion is that there are uses where the
UTextWithBuffer client assumes that the "UTextWithBufferInlineCapacity" is the
number of valid characters, with an implicit extra null "byte" at the end.