TestWebKitAPI crashed in TestWebKitAPI: TestWebKitAPI::SharedBufferTest_copyBufferCreatedWithContentsOfExistingFile_Test::TestBody with ASan enabled. The bug is that strnstr() assumes the second argument is null-terminated, and the implementation of strnstr() on OS X calls strlen() on the second argument. This causes an out-of-bounds read if the memory after the second argument doesn't happen to contain a NULL character.
<rdar://problem/23409384>
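Added example, not part of the original report or of the WebKit patch: a substring search that takes an explicit length for both buffers, so it never calls strlen() on the needle and cannot read past either one. The name find_bytes and the sample arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Length-bounded substring search (hypothetical helper, not WebKit code).
 * Both buffers carry explicit lengths, so neither has to be
 * NUL-terminated and strlen() is never called on them.
 * Returns the offset of the first match, or -1 if there is none. */
static long find_bytes(const char *hay, size_t hay_len,
                       const char *needle, size_t needle_len)
{
    if (needle_len == 0)
        return 0;                 /* empty needle matches at offset 0 */
    if (needle_len > hay_len)
        return -1;                /* also avoids size_t underflow below */
    for (size_t i = 0; i <= hay_len - needle_len; i++) {
        /* memcmp reads exactly needle_len bytes from each side,
         * and i + needle_len <= hay_len holds for every i here. */
        if (memcmp(hay + i, needle, needle_len) == 0)
            return (long)i;
    }
    return -1;
}

/* Constructed sample data: neither array has a trailing NUL, which is
 * the situation the report describes for the second argument. */
static const char sample_hay[] = { 'f','i','l','e',' ','d','a','t','a' };
static const char sample_needle[] = { 'd','a','t','a' };

static long demo_unterminated(void)
{
    return find_bytes(sample_hay, sizeof sample_hay,
                      sample_needle, sizeof sample_needle);
}

int main(void)
{
    return demo_unterminated() == 5 ? 0 : 1;
}
```

Building this with -fsanitize=address, as the failing test run was, reports no out-of-bounds read even though the needle is not terminated.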
Created attachment 264864 Patch v1
Comment on attachment 264864 Patch v1
View in context: https://bugs.webkit.org/attachment.cgi?id=264864&action=review
> Tools/TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp:95
> + EXPECT_GT(buffer->size(), 0);

Maybe EXPECT_TRUE(!!buffer->size()); will make mac bots happy?
Comment on attachment 264864 Patch v1
View in context: https://bugs.webkit.org/attachment.cgi?id=264864&action=review
>> Tools/TestWebKitAPI/Tests/WebCore/SharedBuffer.cpp:95
>> + EXPECT_GT(buffer->size(), 0);
>
> Maybe EXPECT_TRUE(!!buffer->size()); will make mac bots happy?

It's also possible that 0U instead of 0 will work.
Created attachment 264881 Patch to fix build failures
Committed r192085: <http://trac.webkit.org/changeset/192085>