system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-07-21 18:15:58 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

AK: Fix accidentally-quadratic behavior in StringBuilder

Browse source 
Found by OSS Fuzz:
#34451 (old bug)

Related commit: 3908a49661
This commit is contained in:
Ben Wiederhake 2021-05-30 13:10:37 +02:00 committed by Linus Groh
parent 7b4dc590e7
commit 2d011961c9
2 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
AK/ByteBuffer.h
View file

@ -187,6 +187,8 @@ public:
operator Bytes() { return bytes(); }
operator ReadonlyBytes() const { return bytes(); }
ALWAYS_INLINE size_t capacity() const { return is_inline() ? inline_capacity : m_outline_capacity; }
private:
ByteBuffer(size_t size)
{
@ -236,7 +238,6 @@ private:
}
ALWAYS_INLINE bool is_inline() const { return m_size <= inline_capacity; }
ALWAYS_INLINE size_t capacity() const { return is_inline() ? inline_capacity : m_outline_capacity; }
size_t m_size { 0 };
union {

7
AK/StringBuilder.cpp
View file

@ -21,10 +21,11 @@ inline void StringBuilder::will_append(size_t size)
Checked<size_t> needed_capacity = m_length;
needed_capacity += size;
VERIFY(!needed_capacity.has_overflow());
if (needed_capacity <= m_buffer.capacity())
return;
Checked<size_t> expanded_capacity = needed_capacity;
// Prefer to completely use the inline buffer first
if (needed_capacity > inline_capacity)
expanded_capacity *= 2;
expanded_capacity *= 2;
VERIFY(!expanded_capacity.has_overflow());
m_buffer.grow(expanded_capacity.value());
}