RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 13:32:45 +00:00
Code Issues Activity Actions

AK: Add input bounds checking to String::substring()

Browse source 
This checks for overflow in String::substring(). It also rearranges some
declarations in the header.
This commit is contained in:
Max Wipfli 2021-07-01 17:52:20 +02:00 committed by Andreas Kling
parent 268d81a56c
commit 17eddf3ac4
2 changed files with 13 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

22
AK/String.cpp
View file

@ -91,6 +91,16 @@ String String::isolated_copy() const
return String(move(*impl));
}
String String::substring(size_t start, size_t length) const
{
if (!length)
return String::empty();
VERIFY(m_impl);
VERIFY(!Checked<size_t>::addition_would_overflow(start, length));
VERIFY(start + length <= m_impl->length());
return { characters() + start, length };
}
String String::substring(size_t start) const
{
VERIFY(m_impl);
@ -98,21 +108,11 @@ String String::substring(size_t start) const
return { characters() + start, length() - start };
}
String String::substring(size_t start, size_t length) const
{
if (!length)
return "";
VERIFY(m_impl);
VERIFY(start + length <= m_impl->length());
// FIXME: This needs some input bounds checking.
return { characters() + start, length };
}
StringView String::substring_view(size_t start, size_t length) const
{
VERIFY(m_impl);
VERIFY(!Checked<size_t>::addition_would_overflow(start, length));
VERIFY(start + length <= m_impl->length());
// FIXME: This needs some input bounds checking.
return { characters() + start, length };
}

5
AK/String.h
View file

@ -140,6 +140,7 @@ public:
[[nodiscard]] Vector<String> split_limit(char separator, size_t limit, bool keep_empty = false) const;
[[nodiscard]] Vector<String> split(char separator, bool keep_empty = false) const;
[[nodiscard]] Vector<StringView> split_view(char separator, bool keep_empty = false) const;
[[nodiscard]] Optional<size_t> find(char needle, size_t start = 0) const { return StringUtils::find(*this, needle, start); }
[[nodiscard]] Optional<size_t> find(StringView const& needle, size_t start = 0) const { return StringUtils::find(*this, needle, start); }
@ -147,10 +148,8 @@ public:
// FIXME: Implement find_last(StringView const&) for API symmetry.
[[nodiscard]] Vector<size_t> find_all(StringView const& needle) const { return StringUtils::find_all(*this, needle); }
[[nodiscard]] String substring(size_t start) const;
[[nodiscard]] String substring(size_t start, size_t length) const;
[[nodiscard]] Vector<StringView> split_view(char separator, bool keep_empty = false) const;
[[nodiscard]] String substring(size_t start) const;
[[nodiscard]] StringView substring_view(size_t start, size_t length) const;
[[nodiscard]] StringView substring_view(size_t start) const;