Bug 256769

Summary: Handle overflow, underflow in XPath substring position, length
Product: WebKit
Reporter: Ahmad Saleem <ahmad.saleem792>
Component: XML
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: annevk, ap, cdumez, rniwa, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Ahmad Saleem 2023-05-14 05:14:25 PDT
Hi Team,

Came across another potential merge.

Blink Commit - https://chromium.googlesource.com/chromium/src.git/+/047653201597a4e5c3912d8c2c35adaa2ed6e6ec

^ Most stuff in XPathFunctions.cpp.

It might be difficult for me to merge; I'd appreciate it if someone else can take it.

Thanks!
Comment 1 Alexey Proskuryakov 2023-05-14 12:19:33 PDT
It's super weird that this came with a unit test instead of an HTML-based one. Is there actually an observable difference?
Comment 2 Radar WebKit Bug Importer 2023-05-21 05:15:20 PDT
<rdar://problem/109624368>