RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 12:28:12 +00:00
Code Issues Activity Actions

AK: Fix accidentally-quadratic behavior in StringBuilder

Browse source 
Found by OSS Fuzz:
#34451 (old bug)

Related commit: 3908a49661
This commit is contained in:
Ben Wiederhake 2021-05-30 13:10:37 +02:00 committed by Linus Groh
parent 7b4dc590e7
commit 2d011961c9
2 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
AK/ByteBuffer.h
View file

@ -187,6 +187,8 @@ public:
operator Bytes() { return bytes(); } operator Bytes() { return bytes(); }
operator ReadonlyBytes() const { return bytes(); } operator ReadonlyBytes() const { return bytes(); }
ALWAYS_INLINE size_t capacity() const { return is_inline() ? inline_capacity : m_outline_capacity; }
private: private:
ByteBuffer(size_t size) ByteBuffer(size_t size)
{ {
@ -236,7 +238,6 @@ private:
} }
ALWAYS_INLINE bool is_inline() const { return m_size <= inline_capacity; } ALWAYS_INLINE bool is_inline() const { return m_size <= inline_capacity; }
ALWAYS_INLINE size_t capacity() const { return is_inline() ? inline_capacity : m_outline_capacity; }
size_t m_size { 0 }; size_t m_size { 0 };
union { union {

7
AK/StringBuilder.cpp
View file

@ -21,10 +21,11 @@ inline void StringBuilder::will_append(size_t size)
Checked<size_t> needed_capacity = m_length; Checked<size_t> needed_capacity = m_length;
needed_capacity += size; needed_capacity += size;
VERIFY(!needed_capacity.has_overflow()); VERIFY(!needed_capacity.has_overflow());
if (needed_capacity <= m_buffer.capacity())
return;
Checked<size_t> expanded_capacity = needed_capacity; Checked<size_t> expanded_capacity = needed_capacity;
// Prefer to completely use the inline buffer first expanded_capacity *= 2;
if (needed_capacity > inline_capacity)
expanded_capacity *= 2;
VERIFY(!expanded_capacity.has_overflow()); VERIFY(!expanded_capacity.has_overflow());
m_buffer.grow(expanded_capacity.value()); m_buffer.grow(expanded_capacity.value());
} }