<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - JSString::value() should return the empty string when out of memory."
href="https://bugs.webkit.org/show_bug.cgi?id=154540">154540</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>JSString::value() should return the empty string when out of memory.
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mark.lam@apple.com
</td>
</tr></table>
<p>
<div>
<pre>The current implementation of JString::value() returns a null string when it fails to resolve its rope in the event of an OutOfMemory error. This can result in null pointer dereferences if callers of the function uses the returned string without checking first for an exception or if the string is null. We can make the code more resilient against such null pointer dereferences by having JSString::value() return an empty string instead of a null string. Callers that previously checked for a null string (as an indication of the OutOfMemory error) can now check for an exception instead.
This task will do an audit of all uses of JSString::value() in the project and:
1. make sure that the uses are not dependent on the return string being null, and hence is ok with it returning an empty string.
2. add exception checks where needed.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>