[Webkit-unassigned] [Bug 127424] Crashes in setTextForIterator
bugzilla-daemon at webkit.org
Wed Jan 22 10:38:43 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=127424
Brent Fulgham <bfulgham at webkit.org> changed:
What                    |Removed |Added
------------------------|--------|--------
Attachment #221864 Flag |review? |review-
--- Comment #8 from Brent Fulgham <bfulgham at webkit.org> 2014-01-22 10:36:13 PST ---
(From update of attachment 221864)
Looking through the code, there are numerous places where sizeof(buffer) is used, and others where UTextWithBufferInlineCapacity is used.
I think the right fix is to change all the cases of "UTextWithBufferInlineCapacity + 1" to just "UTextWithBufferInlineCapacity". Otherwise, I am concerned that our iterator math will be wrong in some cases resulting in undefined behavior.
The only concern I have with my suggestion is that there are uses where the UTextWithBuffer client assumes that the "UTextWithBufferInlineCapacity" is the number of valid characters, with an implicit extra null "byte" at the end.
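The mismatch the review comment describes (one capacity taken from sizeof(buffer), another from a named constant, with a "+ 1" terminator slot in between) is illustrated below as an added C++ sketch. It is not WebKit's code: the struct InlineTextBuffer, the constant kInlineCapacity (standing in for UTextWithBufferInlineCapacity) and the function names are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>

// Hypothetical stand-in for a UText with an inline character buffer.
// Names, sizes and layout are assumptions for this example only.
typedef char16_t UChar;
const size_t kInlineCapacity = 16; // stands in for UTextWithBufferInlineCapacity

struct InlineTextBuffer {
    UChar buffer[kInlineCapacity + 1]; // extra slot for an implicit null terminator
};

// Pin the relationship between the array and the constant at compile time so a
// later edit to one cannot silently drift from the other.
static_assert(sizeof(InlineTextBuffer::buffer) == (kInlineCapacity + 1) * sizeof(UChar),
              "inline buffer must be exactly kInlineCapacity characters plus a terminator");

// The two ways capacity gets derived in the code under review. sizeof() yields
// bytes, not UChars, and counts the terminator slot, so the two disagree.
size_t capacityFromSizeof(const InlineTextBuffer& t) { return sizeof(t.buffer); }
size_t capacityFromConstant() { return kInlineCapacity; }

// Valid character indices are [0, kInlineCapacity); index kInlineCapacity is
// the terminator. A count computed from sizeof(buffer) fails this check.
bool indexIsInBounds(size_t index) { return index < kInlineCapacity; }

// Copies at most kInlineCapacity UChars from src and always writes the
// terminator into the spare slot, so clients that treat kInlineCapacity as
// "number of valid characters" and clients that expect a trailing null both
// see consistent state. Returns the number of characters stored.
size_t fillInline(InlineTextBuffer& t, const UChar* src, size_t srcLength)
{
    size_t n = std::min(srcLength, kInlineCapacity);
    std::memcpy(t.buffer, src, n * sizeof(UChar));
    t.buffer[n] = 0;
    return n;
}
```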