Make Intl.Segmenter more resilient to an OutOfMemory error.

Mark Lam · Mark Lam · commit ce816ccc77d7 · 2023-10-18T09:13:03.000-07:00
https://bugs.webkit.org/show_bug.cgi?id=263278 rdar://116884999 Reviewed by Justin Michaud. * JSTests/stress/out-of-memory-in-intl-segmenter.js: Added. (catch): * Source/JavaScriptCore/JavaScriptCore.order: * Source/JavaScriptCore/runtime/IntlSegmenter.cpp: (JSC::IntlSegmenter::segment const): * Source/WTF/wtf/URLHelpers.cpp: (WTF::URLHelpers::mapHostName): * Source/WTF/wtf/text/WTFString.cpp: (WTF::String::charactersWithoutNullTermination const): (WTF::String::charactersWithNullTermination const): * Source/WTF/wtf/text/WTFString.h: * Source/WebCore/PAL/pal/text/win/TextCodecWin.cpp: (PAL::TextCodecWin::enumerateSupportedEncodings): * Source/WebCore/platform/win/ClipboardUtilitiesWin.cpp: (WebCore::setFileDescriptorData): Canonical link: https://commits.webkit.org/269471@main
diff --git a/JSTests/stress/out-of-memory-in-intl-segmenter.js b/JSTests/stress/out-of-memory-in-intl-segmenter.js
@@ -0,0 +1,14 @@
+//@ skip if $memoryLimited
+
+var exception;
+try {
+    let a = 'a'.repeat(2147483647);
+    const segmenter = new Intl.Segmenter('en');
+    const iter = segmenter.segment(a);
+} catch (e) {
+    exception = e;
+}
+
+if (exception != "RangeError: Out of memory")
+    throw "FAILED";
+
diff --git a/Source/JavaScriptCore/JavaScriptCore.order b/Source/JavaScriptCore/JavaScriptCore.order
@@ -81,7 +81,6 @@ __ZN3WTFL16threadEntryPointEPv
 __ZN3WTF31initializeCurrentThreadInternalEPKc
 __ZN3WTF20ThreadIdentifierData10initializeEj
 __ZN3WTF5MutexD1Ev
-__ZN3WTF6String29charactersWithNullTerminationEv
 __ZN3WTF10StringImpl34createWithTerminatingNullCharacterERKS0_
 __ZNK3WTF10StringImpl17getData16SlowCaseEv
 __ZN3WTF15AutodrainedPoolC1Ev
diff --git a/Source/JavaScriptCore/runtime/IntlSegmenter.cpp b/Source/JavaScriptCore/runtime/IntlSegmenter.cpp
@@ -117,7 +117,13 @@ JSValue IntlSegmenter::segment(JSGlobalObject* globalObject, JSValue stringValue
     RETURN_IF_EXCEPTION(scope, { });
     String string = jsString->value(globalObject);
     RETURN_IF_EXCEPTION(scope, { });
-    auto upconvertedCharacters = Box<Vector<UChar>>::create(string.charactersWithoutNullTermination());
+    auto expectedCharacters = string.charactersWithoutNullTermination();
+    if (!expectedCharacters) {
+        throwOutOfMemoryError(globalObject, scope);
+        return { };
+    }
+
+    auto upconvertedCharacters = Box<Vector<UChar>>::create(expectedCharacters.value());
 
     UErrorCode status = U_ZERO_ERROR;
     auto segmenter = std::unique_ptr<UBreakIterator, UBreakIteratorDeleter>(cloneUBreakIterator(m_segmenter.get(), &status));
diff --git a/Source/WTF/wtf/URLHelpers.cpp b/Source/WTF/wtf/URLHelpers.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2022 Apple Inc. All rights reserved.
+ * Copyright (C) 2005-2023 Apple Inc. All rights reserved.
  * Copyright (C) 2018 Igalia S.L.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -648,8 +648,11 @@ std::optional<String> mapHostName(const String& hostName, URLDecodeFunction deco
 
     unsigned length = string.length();
 
-    auto sourceBuffer = string.charactersWithNullTermination();
-    
+    auto expectedSourceBuffer = string.charactersWithNullTermination();
+    if (!expectedSourceBuffer)
+        return std::nullopt;
+    auto sourceBuffer = expectedSourceBuffer.value();
+
     UChar destinationBuffer[URLParser::hostnameBufferLength];
     UErrorCode uerror = U_ZERO_ERROR;
     UIDNAInfo processingDetails = UIDNA_INFO_INITIALIZER;
diff --git a/Source/WTF/wtf/text/WTFString.cpp b/Source/WTF/wtf/text/WTFString.cpp
@@ -1,6 +1,6 @@
 /*
  * (C) 1999 Lars Knoll (knoll@kde.org)
- * Copyright (C) 2004-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2004-2023 Apple Inc. All rights reserved.
  * Copyright (C) 2007-2009 Torch Mobile, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -171,12 +171,13 @@ String String::foldCase() const
     return m_impl ? m_impl->foldCase() : String { };
 }
 
-Vector<UChar> String::charactersWithoutNullTermination() const
+Expected<Vector<UChar>, UTF8ConversionError> String::charactersWithoutNullTermination() const
 {
     Vector<UChar> result;
 
     if (m_impl) {
-        result.reserveInitialCapacity(length() + 1);
+        if (!result.tryReserveInitialCapacity(length() + 1))
+            return makeUnexpected(UTF8ConversionError::OutOfMemory);
 
         if (is8Bit()) {
             const LChar* characters8 = m_impl->characters8();
@@ -190,10 +191,11 @@ Vector<UChar> String::charactersWithoutNullTermination() const
     return result;
 }
 
-Vector<UChar> String::charactersWithNullTermination() const
+Expected<Vector<UChar>, UTF8ConversionError> String::charactersWithNullTermination() const
 {
     auto result = charactersWithoutNullTermination();
-    result.append(0);
+    if (result)
+        result.value().append(0);
     return result;
 }
 
diff --git a/Source/WTF/wtf/text/WTFString.h b/Source/WTF/wtf/text/WTFString.h
@@ -161,8 +161,8 @@ class String final {
     size_t reverseFind(ASCIILiteral literal, unsigned start = MaxLength) const { return m_impl ? m_impl->reverseFind(literal, start) : notFound; }
     size_t reverseFind(StringView, unsigned start = MaxLength) const;
 
-    WTF_EXPORT_PRIVATE Vector<UChar> charactersWithNullTermination() const;
-    WTF_EXPORT_PRIVATE Vector<UChar> charactersWithoutNullTermination() const;
+    WTF_EXPORT_PRIVATE Expected<Vector<UChar>, UTF8ConversionError> charactersWithNullTermination() const;
+    WTF_EXPORT_PRIVATE Expected<Vector<UChar>, UTF8ConversionError> charactersWithoutNullTermination() const;
 
     WTF_EXPORT_PRIVATE UChar32 characterStartingAt(unsigned) const;
 
diff --git a/Source/WebCore/PAL/pal/text/win/TextCodecWin.cpp b/Source/WebCore/PAL/pal/text/win/TextCodecWin.cpp
@@ -298,7 +298,7 @@ void TextCodecWin::enumerateSupportedEncodings(EncodingReceiver& receiver)
     languageManager();
     for (CharsetSet::iterator i = supportedCharsets().begin(); i != supportedCharsets().end(); ++i) {
         HashMap<String, CharsetInfo>::iterator j = knownCharsets().find(*i);
-        if (j != knownCharsets().end() && !receiver.receive(j->value.m_name.data(), j->value.m_friendlyName.charactersWithNullTermination().data(), j->value.m_codePage))
+        if (j != knownCharsets().end() && !receiver.receive(j->value.m_name.data(), j->value.m_friendlyName.charactersWithNullTermination()->data(), j->value.m_codePage))
             break;
     }
 }
diff --git a/Source/WebCore/platform/win/ClipboardUtilitiesWin.cpp b/Source/WebCore/platform/win/ClipboardUtilitiesWin.cpp
@@ -418,7 +418,7 @@ void setFileDescriptorData(IDataObject* dataObject, int size, const String& pass
     fgd->fgd[0].nFileSizeLow = size;
 
     int maxSize = std::min<int>(pathname.length(), std::size(fgd->fgd[0].cFileName));
-    CopyMemory(fgd->fgd[0].cFileName, pathname.charactersWithNullTermination().data(), maxSize * sizeof(UChar));
+    CopyMemory(fgd->fgd[0].cFileName, pathname.charactersWithNullTermination()->data(), maxSize * sizeof(UChar));
     GlobalUnlock(medium.hGlobal);
 
     dataObject->SetData(fileDescriptorFormat(), &medium, TRUE);

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`/*`
`2`	`2`	`* (C) 1999 Lars Knoll ([email protected])`
`3`		`- * Copyright (C) 2004-2019 Apple Inc. All rights reserved.`
	`3`	`+ * Copyright (C) 2004-2023 Apple Inc. All rights reserved.`
`4`	`4`	`* Copyright (C) 2007-2009 Torch Mobile, Inc.`
`5`	`5`	`*`
`6`	`6`	`* This library is free software; you can redistribute it and/or`
`@@ -171,12 +171,13 @@ String String::foldCase() const`
`171`	`171`	`return m_impl ? m_impl->foldCase() : String { };`
`172`	`172`	`}`
`173`	`173`
`174`		`-Vector<UChar> String::charactersWithoutNullTermination() const`
	`174`	`+Expected<Vector<UChar>, UTF8ConversionError> String::charactersWithoutNullTermination() const`
`175`	`175`	`{`
`176`	`176`	`Vector<UChar> result;`
`177`	`177`
`178`	`178`	`if (m_impl) {`
`179`		`- result.reserveInitialCapacity(length() + 1);`
	`179`	`+ if (!result.tryReserveInitialCapacity(length() + 1))`
	`180`	`+ return makeUnexpected(UTF8ConversionError::OutOfMemory);`
`180`	`181`
`181`	`182`	`if (is8Bit()) {`
`182`	`183`	`const LChar* characters8 = m_impl->characters8();`
`@@ -190,10 +191,11 @@ Vector<UChar> String::charactersWithoutNullTermination() const`
`190`	`191`	`return result;`
`191`	`192`	`}`
`192`	`193`
`193`		`-Vector<UChar> String::charactersWithNullTermination() const`
	`194`	`+Expected<Vector<UChar>, UTF8ConversionError> String::charactersWithNullTermination() const`
`194`	`195`	`{`
`195`	`196`	`auto result = charactersWithoutNullTermination();`
`196`		`- result.append(0);`
	`197`	`+ if (result)`
	`198`	`+ result.value().append(0);`
`197`	`199`	`return result;`
`198`	`200`	`}`
`199`	`201`
Original file line number	Diff line number	Diff line change
`@@ -298,7 +298,7 @@ void TextCodecWin::enumerateSupportedEncodings(EncodingReceiver& receiver)`
`298`	`298`	`languageManager();`
`299`	`299`	`for (CharsetSet::iterator i = supportedCharsets().begin(); i != supportedCharsets().end(); ++i) {`
`300`	`300`	`HashMap<String, CharsetInfo>::iterator j = knownCharsets().find(*i);`
`301`		`- if (j != knownCharsets().end() && !receiver.receive(j->value.m_name.data(), j->value.m_friendlyName.charactersWithNullTermination().data(), j->value.m_codePage))`
	`301`	`+ if (j != knownCharsets().end() && !receiver.receive(j->value.m_name.data(), j->value.m_friendlyName.charactersWithNullTermination()->data(), j->value.m_codePage))`
`302`	`302`	`break;`
`303`	`303`	`}`
`304`	`304`	`}`