Source/WebCore:
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Mar 2016 16:02:22 +0000 (16:02 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Mar 2016 16:02:22 +0000 (16:02 +0000)
commit 51357ba5a223e229ab3937ff4cf868fa3c9fe499
tree 7d215c3df99827ad55d6785a410bdc3d9f42457c
parent 2cc18604cb5c576cfc510be85997b4432cfa4f47
Source/WebCore:
SharedBuffer::copy() can cause a segmentation fault.
https://bugs.webkit.org/show_bug.cgi?id=155739

Reviewed by Ryosuke Niwa.

Based on a Blink patch by Huang Dongsung <luxtella@company100.net>.
<https://src.chromium.org/viewvc/blink?revision=153850&view=revision>

After SharedBuffer::copy(), SharedBuffer::append() can cause a segmentation fault,
because copy() calls clone->m_buffer.append(m_segments[i], segmentSize) even if
'i' is the last index. The data size of m_segments.last() is often less than
segmentSize. So, in the cloned instance, m_size < (m_buffer.size() + SUM(m_segments[i].size())).
This patch appends the exact size of the last segment instead of segmentSize.

Tested by TestWebKitAPI SharedBufferTest::copy

* platform/SharedBuffer.cpp:
(SharedBuffer::copy):

Tools:
[Win] SharedBuffer::copy() can cause a segmentation fault.
https://bugs.webkit.org/show_bug.cgi?id=155739

Reviewed by Ryosuke Niwa.

* TestWebKitAPI/PlatformWin.cmake: Build and run the
SharedBuffer tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198530 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/platform/SharedBuffer.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/PlatformWin.cmake
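The size mismatch the commit message describes, reconstructed as an added example that is not WebKit's code: a constructed model of a segmented buffer (hypothetical names `SegmentedBuffer`, `copyBuffer`, `kSegmentSize`) where `copyBuffer(..., false)` appends the last segment at the full segment size the way the pre-fix copy() did, and `copyBuffer(..., true)` appends only the bytes it holds. In the model every segment is allocated at the full size, so the over-copy only desynchronises `size` from the buffer; the real code reads past the valid data of the last segment as well, and the model's `append()` guard that refuses an inconsistent clone is an addition for illustration, not something the original code has.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>
// Constructed model with hypothetical names (not WebKit's SharedBuffer): a contiguous
// head plus fixed-size segments, the last usually only partly filled; `size` is m_size.
constexpr size_t kSegmentSize = 4;
struct SegmentedBuffer {
    size_t size = 0;                             // logical byte count (m_size)
    std::vector<uint8_t> buffer;                 // contiguous head (m_buffer)
    std::vector<std::vector<uint8_t>> segments;  // each allocated at kSegmentSize
    explicit SegmentedBuffer(std::vector<uint8_t> head) : size(head.size()), buffer(head) {}
    // Bytes actually in use in the last segment (0 when there are no segments).
    size_t lastSegmentUsed() const {
        return size - buffer.size() - (segments.empty() ? 0 : (segments.size() - 1) * kSegmentSize);
    }
    // Refuses to write when size no longer covers buffer, the state a pre-fix clone is in.
    bool append(const uint8_t* data, size_t length) {
        if (size < buffer.size()) return false;
        for (size_t copied = 0; copied < length;) {
            size_t pos = (size - buffer.size()) % kSegmentSize;
            if (pos == 0) segments.emplace_back(kSegmentSize, uint8_t{0});
            size_t n = std::min(length - copied, kSegmentSize - pos);
            std::copy(data + copied, data + copied + n, segments.back().begin() + pos);
            copied += n; size += n;
        }
        return true;
    }
};
// exactLastSegment=false is the pre-fix copy(): the last segment is appended at kSegmentSize.
SegmentedBuffer copyBuffer(const SegmentedBuffer& b, bool exactLastSegment) {
    SegmentedBuffer clone(b.buffer); clone.size = b.size;
    for (size_t i = 0; i < b.segments.size(); ++i) {
        size_t n = (exactLastSegment && i + 1 == b.segments.size()) ? b.lastSegmentUsed() : kSegmentSize;
        clone.buffer.insert(clone.buffer.end(), b.segments[i].begin(), b.segments[i].begin() + n);
    }
    return clone;
}
SegmentedBuffer sample() {  // 3-byte head + 6 appended bytes: one full segment, one with 2 used
    SegmentedBuffer b({1, 2, 3});
    const uint8_t more[] = {4, 5, 6, 7, 8, 9};
    b.append(more, sizeof more);
    return b;
}
// Copies the sample, appends two bytes; returns the clone's final size, or 0 if refused.
size_t appendAfterCopy(bool exactLastSegment) {
    SegmentedBuffer clone = copyBuffer(sample(), exactLastSegment);
    const uint8_t more[] = {10, 11};
    return clone.append(more, sizeof more) ? clone.size : 0;
}
```

With the sample, the pre-fix copy yields a clone holding 11 bytes against a recorded size of 9, while the exact copy holds 9 and can be appended to safely.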