[Webkit-unassigned] [Bug 140427] New: Correct calculation of 16-bit text iterator decode offsets

Tue Jan 13 20:49:54 PST 2015

https://bugs.webkit.org/show_bug.cgi?id=140427

            Bug ID: 140427
           Summary: Correct calculation of 16-bit text iterator decode
                    offsets
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: bfulgham at webkit.org

The TextCodecUTF8 and TextCodecLatin1 decoding routines have a calculation error in the update to the 'destination16' memory location. This was found by static analysis of the code.

The 'destination16' variable (in both files) is a pointer to a 16-bit character value, while the 'source' value is an 8-bit value.

We updated the 'source' pointer by incrementing it by the sizeof(MachineWord), which is the number of UTF8 characters we have consumed during the decode.

However, the 'destination16' variable is a UChar* (a 16-bit value). If we increment it by the number of bytes, that has the effect of moving us twice the number of 16-bit characters than we should be.

We should be incrementing by sizeof(MachineWord) / sizeof(UChar).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150114/b32b9d7c/attachment-0002.html>