mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-05-19 09:32:52 +00:00
3aeb57ed09
In particular, StringView::contains(char) is often used with a u32 code point. When this is done, the compiler will for some reason allow data corruption to occur silently. In fact, this is one of two reasons for the following OSS Fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49184 This is probably a very old bug. In the particular case of URLParser, AK::is_url_code_point got confused: return /* ... */ || "!$&'()*+,-./:;=?@_~"sv.contains(code_point); If code_point is a large code point that happens to have the correct lower bytes, AK::is_url_code_point is then convinced that the given code point is okay, even if it is actually problematic. This commit fixes *only* the silent data corruption due to the erroneous conversion, and does not fully resolve OSS-Fuzz#49184. |
||
|---|---|---|
| .. | ||
| Infrastructure | ||
| Body.cpp | ||
| Body.h | ||
| Body.idl | ||
| BodyInit.cpp | ||
| BodyInit.h | ||
| BodyInit.idl | ||
| Enums.cpp | ||
| Enums.h | ||
| Headers.cpp | ||
| Headers.h | ||
| Headers.idl | ||
| HeadersIterator.cpp | ||
| HeadersIterator.h | ||
| Request.cpp | ||
| Request.h | ||
| Request.idl | ||
| Response.cpp | ||
| Response.h | ||
| Response.idl | ||