From 4c32a128ef640e6cd6030fc7f51dafde3c3d1078 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Mon, 31 May 2021 00:55:51 +0200
Subject: [PATCH] AK: Fix accidentally-quadratic behavior in StringBuilder
Found by OSS Fuzz: Related commit: 3908a49661a00e15621748dcb2b0424f29433571
Co-authored-by: Ben Wiederhake
---
 AK/StringBuilder.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/AK/StringBuilder.cpp b/AK/StringBuilder.cpp
index fda01d6e79..0a363a5355 100644
--- a/AK/StringBuilder.cpp
+++ b/AK/StringBuilder.cpp
@@ -21,10 +21,11 @@ inline void StringBuilder::will_append(size_t size)
 Checked needed_capacity = m_length;
 needed_capacity += size;
 VERIFY(!needed_capacity.has_overflow());
+ // Prefer to completely use the existing capacity first
+ if (needed_capacity <= m_buffer.capacity())
+ return;
 Checked expanded_capacity = needed_capacity;
- // Prefer to completely use the inline buffer first
- if (needed_capacity > inline_capacity)
- expanded_capacity *= 2;
+ expanded_capacity *= 2;
 VERIFY(!expanded_capacity.has_overflow());
 m_buffer.ensure_capacity(expanded_capacity.value());
 }
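Review bot: The now-unconditional `expanded_capacity *= 2;` followed by `VERIFY(!expanded_capacity.has_overflow());` aborts the process whenever the doubled value overflows, even though `needed_capacity` passed its own check and the append itself would fit. The commit message says the input came from a fuzzer, so externally sized data reaching will_append is plausible, and a crash caused only by the growth heuristic is an avoidable availability problem. Consider falling back to the exact size, for example `if (expanded_capacity.has_overflow()) expanded_capacity = needed_capacity;`, before the final VERIFY. The template argument of `Checked` is not visible on this page, so the size at which this triggers, and whether the `needed_capacity <= m_buffer.capacity()` comparison mixes signedness, should be confirmed against the file. The signature and opening brace of will_append are outside the hunk.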