[Webkit-unassigned] [Bug 46695] [Qt] Invalid pointer access & incomplete memcmp in setUpIterator
bugzilla-daemon at webkit.org
Mon Jan 31 12:26:40 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=46695
--- Comment #9 from Andreas Kling <kling at webkit.org> 2011-01-31 12:26:40 PST ---
(In reply to comment #7)
> It seems to me that:
>
> We can recycle the iterator if -
> a) the strings are at the same location in memory, hence identical. A comparison of (string == iterator.string) tests for this.
This is not sufficient. 'string' can be == 'iterator.string' for different strings in the case where the allocator re-uses the same address in a subsequent allocation.
There are two solutions, as I see it. Either we hold a strong reference to the string for the lifetime of the cached iterator or we take a deep copy.
The ref fix is superior since it eliminates the bug and avoids the deep copy. Unfortunately the API of these functions is character/length based, which means that we have no string to bump the refcount on.
Is it possible to alter the setUpIterator() (and friends) API to take String objects instead?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
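An added example (my own constructed model, not WebKit code) of the failure Andreas describes and of the deep-copy fix: one stack buffer plays the role of a heap block the allocator hands out twice, so a cache keyed only on (character pointer, length) recycles a stale iterator for a different string, while a cache that compares the full contents rebuilds it. `CachedIterator`, `setUpIteratorByPointer`, `setUpIteratorByContents` and `simulateAddressReuse` are my names, not the functions from the bug.

```cpp
#include <cstring>
#include <vector>

// Constructed model (not WebKit code) of the bug discussed above.
typedef unsigned short UChar;

struct CachedIterator {
    const UChar* string = nullptr;   // raw pointer: the only identity the buggy cache keeps
    int length = 0;
    std::vector<UChar> copy;         // deep copy kept by the fixed variant
    int setUps = 0;                  // how many times the iterator was (re)built
};

// Buggy variant: recycles the iterator whenever pointer and length match, which
// only proves identity while the original string is still alive.
static void setUpIteratorByPointer(CachedIterator& it, const UChar* s, int len) {
    if (it.string == s && it.length == len)
        return;
    it.string = s; it.length = len; ++it.setUps;
}

// Fixed variant (the deep-copy option from the comment): recycle only when the
// cached characters are identical. The memcmp must cover len * sizeof(UChar)
// bytes, not len bytes (the "incomplete memcmp" of the bug title).
static void setUpIteratorByContents(CachedIterator& it, const UChar* s, int len) {
    if (it.length == len && len > 0
        && std::memcmp(it.copy.data(), s, len * sizeof(UChar)) == 0)
        return;
    it.copy.assign(s, s + len);
    it.string = it.copy.data(); it.length = len; ++it.setUps;
}

// One stack buffer stands in for a heap block the allocator hands out twice.
// Returns how often each variant rebuilt its iterator: 2 is correct, 1 means a
// stale iterator was recycled for a different string.
struct Rebuilds { int buggy; int fixed; };
static Rebuilds simulateAddressReuse() {
    UChar slot[3];
    const UChar first[3]  = {'a', 'b', 'c'};
    const UChar second[3] = {'x', 'y', 'z'};
    CachedIterator buggy, fixed;
    std::memcpy(slot, first, sizeof slot);    // first string lives at &slot[0]
    setUpIteratorByPointer(buggy, slot, 3);
    setUpIteratorByContents(fixed, slot, 3);
    std::memcpy(slot, second, sizeof slot);   // first string freed, block reused
    setUpIteratorByPointer(buggy, slot, 3);   // same address and length: stale reuse
    setUpIteratorByContents(fixed, slot, 3);  // contents differ: rebuilt
    return Rebuilds{buggy.setUps, fixed.setUps};
}
```

The strong-reference fix Andreas prefers would replace the deep copy with a held `String`, which the character/length API in the bug does not allow.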