[webkit-reviews] review denied: [Bug 211142] U_STRING_NOT_TERMINATED_WARNING ICU must be handled when using the output buffer as a C string : [Attachment 397904] patch
bugzilla-daemon at webkit.org
Tue Apr 28 19:52:40 PDT 2020
Mark Lam <mark.lam at apple.com> has denied review:
Bug 211142: U_STRING_NOT_TERMINATED_WARNING ICU must be handled when using the output buffer as a C string
https://bugs.webkit.org/show_bug.cgi?id=211142
Attachment 397904: patch
https://bugs.webkit.org/attachment.cgi?id=397904&action=review
--- Comment #16 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 397904
--> https://bugs.webkit.org/attachment.cgi?id=397904
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=397904&action=review
> Source/JavaScriptCore/runtime/IntlObject.cpp:154
> - return String(StringImpl::createStaticStringImpl(buffer.data(),
length));
> + return String(buffer.data(), length);
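Review bot: Both the `-` and `+` lines already pass an explicit `length`, so neither depends on the buffer being NUL-terminated; the only effect of this hunk is to swap the static (never-freed) `StringImpl::createStaticStringImpl(buffer.data(), length)` for an ordinary ref-counted `String(buffer.data(), length)`, which changes the lifetime of the returned string. If the goal is just to stop treating the buffer as a C string, keep `createStaticStringImpl` and leave this line as it was; if the allocation change is intended, the ChangeLog should say why the immortal string is no longer required.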
This is wrong. convertICULocaleToBCP47LanguageTag() is only called from inside
std::call_once-guarded blocks, i.e. it's meant to produce immortal singleton
strings. Before I changed it to be StringImpl::createStaticStringImpl(), we
had UAFs due to a user of this string freeing it.