From 135d29b498ec4b95998b06217f0391ddad707e0f Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Thu, 30 Apr 2020 00:17:54 +0300
Subject: [PATCH] AK: Assert that we don't create StringViews of negative length
Due to us using size_t for the length, the actual value will always be positive. If, for example, we calculate the length as "0 - 1", we'll get SIZE_T_MAX. What we can do is check that adding the characters pointer and the length together doesn't overflow.
---
 AK/StringView.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/AK/StringView.h b/AK/StringView.h
index faeacefb09e..56f35d4088c 100644
--- a/AK/StringView.h
+++ b/AK/StringView.h
@@ -26,6 +26,8 @@
 #pragma once
+#include
+#include
 #include
 #include
 #include
@@ -36,16 +38,18 @@ class StringView {
 public:
 using ConstIterator = const char*;
- StringView() {}
+ StringView() { }
 StringView(const char* characters, size_t length)
 : m_characters(characters)
 , m_length(length)
 {
+ ASSERT(!Checked::addition_would_overflow((uintptr_t)characters, length));
 }
 StringView(const unsigned char* characters, size_t length)
 : m_characters((const char*)characters)
 , m_length(length)
 {
+ ASSERT(!Checked::addition_would_overflow((uintptr_t)characters, length));
 }
 [[gnu::always_inline]] inline StringView(const char* cstring)
 : m_characters(cstring)
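Review bot: The `ASSERT` added to both `(characters, length)` constructors rejects an underflowed length only when `characters + length` wraps the address space. A null `characters` with a length of `(size_t)-1` therefore still passes, as does any oversized length that stays below the wrap point. If no caller relies on a null view with a non-zero length, pair it with `ASSERT(characters || !length);` and add a one-line comment such as `// A "negative" length arrives as a huge size_t; reject views whose end would wrap.` so the intent is readable without the commit message. Whether `ASSERT` stays active in release builds is not visible in this patch; if it compiles out, the check is a debugging aid and not a bounds guarantee for callers that compute lengths from untrusted offsets. The class body continues outside the hunk.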