AK+Everywhere: Disallow Error::from_string_view(FooString)

That pattern seems to show up a lot in code written by people that aren't intimately familiar with the lifetime model of Error and Strings. This commit makes the compiler detect it and present a more helpful diagnostic than "garbage string at runtime".
2025-07-27 06:07:34 +00:00 · 2023-04-27 21:21:19 +03:30 · 2023-04-27 21:21:19 +03:30 · 7e6341587b
commit 7e6341587b
parent cc35bab143
7 changed files with 29 additions and 14 deletions
--- a/AK/Error.h
+++ b/AK/Error.h
@ -38,6 +38,16 @@ public:
        return Error(syscall_name, rc);
    }
    [[nodiscard]] static Error from_string_view(StringView string_literal) { return Error(string_literal); }
+
+    template<OneOf<DeprecatedString, DeprecatedFlyString, String, FlyString> T>
+    static Error from_string_view(T)
+    {
+        // `Error::from_string_view(DeprecatedString::formatted(...))` is a somewhat common mistake, which leads to a UAF situation.
+        // If your string outlives this error and _isn't_ a temporary being passed to this function, explicitly call .view() on it to resolve to the StringView overload.
+        static_assert(DependentFalse<T>, "Error::from_string_view(String) is almost always a use-after-free");
+        VERIFY_NOT_REACHED();
+    }
+
 #endif

    [[nodiscard]] static Error copy(Error const& error)