Title: [293693] trunk/Source/_javascript_Core
Revision
293693
Author
ysuz...@apple.com
Date
2022-05-02 15:58:40 -0700 (Mon, 02 May 2022)

Log Message

[JSC] Fix ASan crash due to CString ownership
https://bugs.webkit.org/show_bug.cgi?id=239981

Reviewed by Darin Adler and Mark Lam.

We need to ensure that CString is kept alive.

* runtime/JSDateMath.cpp:
(JSC::DateCache::timeZoneDisplayName):

Canonical link: https://commits.webkit.org/250189@main

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (293692 => 293693)


--- trunk/Source/_javascript_Core/ChangeLog	2022-05-02 22:49:23 UTC (rev 293692)
+++ trunk/Source/_javascript_Core/ChangeLog	2022-05-02 22:58:40 UTC (rev 293693)
@@ -1,3 +1,15 @@
+2022-05-02  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] Fix ASan crash due to CString ownership
+        https://bugs.webkit.org/show_bug.cgi?id=239981
+
+        Reviewed by Darin Adler and Mark Lam.
+
+        We need to ensure that CString is kept alive.
+
+        * runtime/JSDateMath.cpp:
+        (JSC::DateCache::timeZoneDisplayName):
+
 2022-05-02  Justin Michaud  <justin_mich...@apple.com>
 
         Add option to JSC shell to wait for a USR2 signal before exiting to aid in collection of vmmaps
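Review bot: The ChangeLog entry states the requirement ("CString is kept alive") but not the defect it fixes, which the JSDateMath.cpp hunk in this same commit makes visible: `languageString.utf8()` returned a temporary `CString`, `.data()` took a pointer into it, and that buffer was freed at the end of the statement while `language` was still passed to both `ucal_getTimeZoneDisplayName` calls. Spelling that out here (a dangling pointer into a temporary `CString`, reported by ASan as a use-after-free in `DateCache::timeZoneDisplayName`) would let anyone reading the log later recognise the same `.utf8().data()` pattern elsewhere without having to re-derive the cause from the diff.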

Modified: trunk/Source/_javascript_Core/runtime/JSDateMath.cpp (293692 => 293693)


--- trunk/Source/_javascript_Core/runtime/JSDateMath.cpp	2022-05-02 22:49:23 UTC (rev 293692)
+++ trunk/Source/_javascript_Core/runtime/JSDateMath.cpp	2022-05-02 22:58:40 UTC (rev 293693)
@@ -370,17 +370,16 @@
     if (m_timeZoneStandardDisplayNameCache.isNull()) {
 #if HAVE(ICU_C_TIMEZONE_API)
         auto& timeZoneCache = *this->timeZoneCache();
-        String languageString = defaultLanguage();
-        const char* language = languageString.utf8().data();
+        CString language = defaultLanguage().utf8();
         {
             Vector<UChar, 32> standardDisplayNameBuffer;
-            auto status = callBufferProducingFunction(ucal_getTimeZoneDisplayName, timeZoneCache.m_calendar.get(), UCAL_STANDARD, language, standardDisplayNameBuffer);
+            auto status = callBufferProducingFunction(ucal_getTimeZoneDisplayName, timeZoneCache.m_calendar.get(), UCAL_STANDARD, language.data(), standardDisplayNameBuffer);
             if (U_SUCCESS(status))
                 m_timeZoneStandardDisplayNameCache = String::adopt(WTFMove(standardDisplayNameBuffer));
         }
         {
             Vector<UChar, 32> dstDisplayNameBuffer;
-            auto status = callBufferProducingFunction(ucal_getTimeZoneDisplayName, timeZoneCache.m_calendar.get(), UCAL_DST, language, dstDisplayNameBuffer);
+            auto status = callBufferProducingFunction(ucal_getTimeZoneDisplayName, timeZoneCache.m_calendar.get(), UCAL_DST, language.data(), dstDisplayNameBuffer);
             if (U_SUCCESS(status))
                 m_timeZoneDSTDisplayNameCache = String::adopt(WTFMove(dstDisplayNameBuffer));
         }
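Review bot: The change is correct and minimal: the removed `const char* language = languageString.utf8().data();` kept a pointer into the temporary `CString` returned by `utf8()`, which is destroyed at the end of that full-expression, so both subsequent `callBufferProducingFunction(ucal_getTimeZoneDisplayName, ..., language, ...)` calls read freed memory. Binding the result to a named `CString language` keeps the buffer alive for the whole `#if HAVE(ICU_C_TIMEZONE_API)` block, and `language.data()` is now valid at both call sites. Two small follow-ups worth considering: a one-line comment at the declaration saying that `language` must outlive both ICU calls would discourage someone from reintroducing the `.utf8().data()` shortcut, and it is worth grepping the tree for other `.utf8().data()` uses whose pointer is stored in a local rather than consumed in the same expression, since the same lifetime mistake is easy to make.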
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
