223694 2021-03-24 09:13:17 -0700 Address undefined behavior found by UBSan in StringToIntegerConversion.h 2021-03-24 12:31:32 -0700 1 1 1 Unclassified WebKit Web Template Framework WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=176131 InRadar P2 Normal --- 1 cdumez cdumez benjamin cmarcelo darin ews-watchlist ggaren sam webkit-bug-importer oldest_to_newest 1743338 0 cdumez 2021-03-24 09:13:17 -0700 Address undefined behavior found by UBSan in StringToIntegerConversion.h: - wtf/text/StringToIntegerConversion.h:94:30: runtime error: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int' - wtf/text/StringToIntegerConversion.h:104:17: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself 1743352 1 424142 cdumez 2021-03-24 09:37:01 -0700 Created attachment 424142 Patch 1743456 2 424142 ggaren 2021-03-24 12:02:30 -0700 Comment on attachment 424142 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=424142&action=review r=me > Source/WTF/wtf/text/StringToIntegerConversion.h:54 > + Checked<IntegralType, RecordOverflow> value = 0; No need for = 0 anymore here. 1743472 3 cdumez 2021-03-24 12:30:43 -0700 Committed r274959 (235712@main): <https://commits.webkit.org/235712@main> 1743476 4 webkit-bug-importer 2021-03-24 12:31:32 -0700 <rdar://problem/75799204> 424142 2021-03-24 09:37:01 -0700 2021-03-24 12:02:30 -0700 Patch bug-223694-20210324093700.patch text/plain 5657 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjc0OTM5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV1RGL0NoYW5n ZUxvZyBiL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCmluZGV4IGMyMmUwOTYyMzQ4MzA2Mjg0ZjViYzVl YzU0ZGExNmZhMWEzNWM0MDIuLmNlNmI2OWU5NWQzY2MwMWMwOTI1N2ZhNTBiZjBhMDdhYTM3ZTll NmYgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XVEYvQ2hh bmdlTG9nCkBAIC0xLDMgKzEsMTkgQEAKKzIwMjEtMDMtMjQgIENocmlzIER1bWV6ICA8Y2R1bWV6 QGFwcGxlLmNvbT4KKworICAgICAgICBBZGRyZXNzIHVuZGVmaW5lZCBiZWhhdmlvciBmb3VuZCBi eSBVQlNhbiBpbiBTdHJpbmdUb0ludGVnZXJDb252ZXJzaW9uLmgKKyAgICAgICAgaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIyMzY5NAorCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFVwZGF0ZSBTdHJpbmdUb0ludGVnZXJDb252 ZXJzaW9uIHRvIGRlYWwgd2l0aCBvdmVyZmxvd3MgaW4gYSB3ZWxsLWRlZmluZWQgbWFubmVyLAor ICAgICAgICBieSByZWx5aW5nIG9uIENoZWNrZWRBcml0aG1ldGljcy4gVGhpcyBhZGRyZXNzZXMg dW5kZWZpbmVkIGJlaGF2aW9yIHJlYm9ydGVkIGJ5CisgICAgICAgIFVCU2FuOgorICAgICAgICAt IHd0Zi90ZXh0L1N0cmluZ1RvSW50ZWdlckNvbnZlcnNpb24uaDo5NDozMDogcnVudGltZSBlcnJv cjogc2lnbmVkIGludGVnZXIgb3ZlcmZsb3c6IDIxNDc0ODM2NDAgKyA4IGNhbm5vdCBiZSByZXBy ZXNlbnRlZCBpbiB0eXBlICdpbnQnCisgICAgICAgIC0gd3RmL3RleHQvU3RyaW5nVG9JbnRlZ2Vy Q29udmVyc2lvbi5oOjEwNDoxNzogcnVudGltZSBlcnJvcjogbmVnYXRpb24gb2YgLTIxNDc0ODM2 NDggY2Fubm90IGJlIHJlcHJlc2VudGVkIGluIHR5cGUgJ2ludCc7IGNhc3QgdG8gYW4gdW5zaWdu ZWQgdHlwZSB0byBuZWdhdGUgdGhpcyB2YWx1ZSB0byBpdHNlbGYKKworICAgICAgICAqIHd0Zi90 ZXh0L1N0cmluZ1RvSW50ZWdlckNvbnZlcnNpb24uaDoKKyAgICAgICAgKFdURjo6dG9JbnRlZ3Jh bFR5cGUpOgorCiAyMDIxLTAzLTIzICBEZWFuIEphY2tzb24gIDx5b2xvQGFwcGxlLmNvbT4KIAog ICAgICAgICBFbmFibGUgTWV0YWwgQU5HTEUgYmFja2VuZCBmb3IgV2ViR0wKZGlmZiAtLWdpdCBh L1NvdXJjZS9XVEYvd3RmL3RleHQvU3RyaW5nVG9JbnRlZ2VyQ29udmVyc2lvbi5oIGIvU291cmNl L1dURi93dGYvdGV4dC9TdHJpbmdUb0ludGVnZXJDb252ZXJzaW9uLmgKaW5kZXggN2UwMjQ0YjBl ZjY3Y2VlZWU1YWUxYTYwZGJhNDEwNTM5N2E4ODliYy4uM2U1YzMyMDgxOWNkZjdlZWY1NWM1ZjM0 MmJmOTBjZDVhMTY2NzA1NiAxMDA2NDQKLS0tIGEvU291cmNlL1dURi93dGYvdGV4dC9TdHJpbmdU b0ludGVnZXJDb252ZXJzaW9uLmgKKysrIGIvU291cmNlL1dURi93dGYvdGV4dC9TdHJpbmdUb0lu dGVnZXJDb252ZXJzaW9uLmgKQEAgLTI3LDYgKzI3LDcgQEAKIAogI2luY2x1ZGUgPHVuaWNvZGUv dXR5cGVzLmg+CiAjaW5jbHVkZSA8d3RmL0FTQ0lJQ1R5cGUuaD4KKyNpbmNsdWRlIDx3dGYvQ2hl Y2tlZEFyaXRobWV0aWMuaD4KIAogbmFtZXNwYWNlIFdURiB7CiAKQEAgLTQ4LDExICs0OSw5IEBA IGlubGluZSBib29sIGlzQ2hhcmFjdGVyQWxsb3dlZEluQmFzZShVQ2hhciBjLCBpbnQgYmFzZSkK IHRlbXBsYXRlPHR5cGVuYW1lIEludGVncmFsVHlwZSwgdHlwZW5hbWUgQ2hhcmFjdGVyVHlwZT4K IGlubGluZSBJbnRlZ3JhbFR5cGUgdG9JbnRlZ3JhbFR5cGUoY29uc3QgQ2hhcmFjdGVyVHlwZSog ZGF0YSwgc2l6ZV90IGxlbmd0aCwgYm9vbCogb2ssIGludCBiYXNlID0gMTApCiB7Ci0gICAgc3Rh dGljIGNvbnN0ZXhwciBJbnRlZ3JhbFR5cGUgaW50ZWdyYWxNYXggPSBzdGQ6Om51bWVyaWNfbGlt aXRzPEludGVncmFsVHlwZT46Om1heCgpOwogICAgIHN0YXRpYyBjb25zdGV4cHIgYm9vbCBpc1Np Z25lZCA9IHN0ZDo6bnVtZXJpY19saW1pdHM8SW50ZWdyYWxUeXBlPjo6aXNfc2lnbmVkOwotICAg IGNvbnN0IEludGVncmFsVHlwZSBtYXhNdWx0aXBsaWVyID0gaW50ZWdyYWxNYXggLyBiYXNlOwog Ci0gICAgSW50ZWdyYWxUeXBlIHZhbHVlID0gMDsKKyAgICBDaGVja2VkPEludGVncmFsVHlwZSwg UmVjb3JkT3ZlcmZsb3c+IHZhbHVlID0gMDsKICAgICBib29sIGlzT2sgPSBmYWxzZTsKICAgICBi b29sIGlzTmVnYXRpdmUgPSBmYWxzZTsKIApAQCAtODgsMjQgKzg3LDE2IEBAIGlubGluZSBJbnRl Z3JhbFR5cGUgdG9JbnRlZ3JhbFR5cGUoY29uc3QgQ2hhcmFjdGVyVHlwZSogZGF0YSwgc2l6ZV90 IGxlbmd0aCwgYm9vCiAgICAgICAgIGVsc2UKICAgICAgICAgICAgIGRpZ2l0VmFsdWUgPSBjIC0g J0EnICsgMTA7CiAKLSAgICAgICAgaWYgKHZhbHVlID4gbWF4TXVsdGlwbGllciB8fCAodmFsdWUg PT0gbWF4TXVsdGlwbGllciAmJiBkaWdpdFZhbHVlID4gKGludGVncmFsTWF4ICUgYmFzZSkgKyBp c05lZ2F0aXZlKSkKLSAgICAgICAgICAgIGdvdG8gYnllOwotCi0gICAgICAgIHZhbHVlID0gYmFz ZSAqIHZhbHVlICsgZGlnaXRWYWx1ZTsKKyAgICAgICAgdmFsdWUgKj0gc3RhdGljX2Nhc3Q8SW50 ZWdyYWxUeXBlPihiYXNlKTsKKyAgICAgICAgaWYgKGlzTmVnYXRpdmUpCisgICAgICAgICAgICB2 YWx1ZSAtPSBkaWdpdFZhbHVlOworICAgICAgICBlbHNlCisgICAgICAgICAgICB2YWx1ZSArPSBk aWdpdFZhbHVlOwogICAgICAgICArK2RhdGE7CiAgICAgfQogCi0jaWYgQ09NUElMRVIoTVNWQykK LSNwcmFnbWEgd2FybmluZyhwdXNoLCAwKQotI3ByYWdtYSB3YXJuaW5nKGRpc2FibGU6NDE0NikK LSNlbmRpZgotCi0gICAgaWYgKGlzTmVnYXRpdmUpCi0gICAgICAgIHZhbHVlID0gLXZhbHVlOwot Ci0jaWYgQ09NUElMRVIoTVNWQykKLSNwcmFnbWEgd2FybmluZyhwb3ApCi0jZW5kaWYKKyAgICBp ZiAoVU5MSUtFTFkodmFsdWUuaGFzT3ZlcmZsb3dlZCgpKSkKKyAgICAgICAgZ290byBieWU7CiAK ICAgICAvLyBza2lwIHRyYWlsaW5nIHNwYWNlCiAgICAgd2hpbGUgKGxlbmd0aCAmJiBpc1NwYWNl T3JOZXdsaW5lKCpkYXRhKSkgewpAQCAtMTE4LDcgKzEwOSw3IEBAIGlubGluZSBJbnRlZ3JhbFR5 cGUgdG9JbnRlZ3JhbFR5cGUoY29uc3QgQ2hhcmFjdGVyVHlwZSogZGF0YSwgc2l6ZV90IGxlbmd0 aCwgYm9vCiBieWU6CiAgICAgaWYgKG9rKQogICAgICAgICAqb2sgPSBpc09rOwotICAgIHJldHVy biBpc09rID8gdmFsdWUgOiAwOworICAgIHJldHVybiBpc09rID8gdmFsdWUudW5zYWZlR2V0KCkg OiAwOwogfQogCiB0ZW1wbGF0ZTx0eXBlbmFtZSBJbnRlZ3JhbFR5cGUsIHR5cGVuYW1lIFN0cmlu Z09yU3RyaW5nVmlldz4KZGlmZiAtLWdpdCBhL1Rvb2xzL0NoYW5nZUxvZyBiL1Rvb2xzL0NoYW5n ZUxvZwppbmRleCBkMzVjNGNmNGFmYmUzMTNlMGEwN2NjYzQ3YzY1MzJhNWU5YjM2ZDg3Li44MmVh MzliNmEwOTg5ZjQ0MzA1MzE2YWI3ZTE2YjhkZGVmZmVjYzkzIDEwMDY0NAotLS0gYS9Ub29scy9D aGFuZ2VMb2cKKysrIGIvVG9vbHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMjEtMDMt MjQgIENocmlzIER1bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBBZGRyZXNzIHVu ZGVmaW5lZCBiZWhhdmlvciBmb3VuZCBieSBVQlNhbiBpbiBTdHJpbmdUb0ludGVnZXJDb252ZXJz aW9uLmgKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIy MzY5NAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFk ZCBBUEkgdGVzdCBjb3ZlcmFnZS4KKworICAgICAgICAqIFRlc3RXZWJLaXRBUEkvVGVzdHMvV1RG L1N0cmluZ1ZpZXcuY3BwOgorICAgICAgICAoVGVzdFdlYktpdEFQSTo6VEVTVCk6CisKIDIwMjEt MDMtMjMgIEthdGUgQ2hlbmV5ICA8a2F0aGVyaW5lX2NoZW5leUBhcHBsZS5jb20+CiAKICAgICAg ICAgU2VydmljZSB3b3JrZXIgbG9hZHMgYXJlIG5vdCBtYXJrZWQgYXMgYXBwLWJvdW5kCmRpZmYg LS1naXQgYS9Ub29scy9UZXN0V2ViS2l0QVBJL1Rlc3RzL1dURi9TdHJpbmdWaWV3LmNwcCBiL1Rv b2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV1RGL1N0cmluZ1ZpZXcuY3BwCmluZGV4IDg0ZWM1ZGFm MmU0M2JlYTljNDg1MjdjYTI1Y2RmZDgyOWFmMDdmNDMuLjQ0YTJkZTMwMTE0ZTk3MjE1MTk1ODdh MGY2ZTMyNzNlNGU5ZGViYmEgMTAwNjQ0Ci0tLSBhL1Rvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMv V1RGL1N0cmluZ1ZpZXcuY3BwCisrKyBiL1Rvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV1RGL1N0 cmluZ1ZpZXcuY3BwCkBAIC05OTAsNCArOTkwLDM3IEBAIFRFU1QoV1RGLCBTdHJpbmdWaWV3SXNB bGxBU0NJSSkKICAgICBFWFBFQ1RfVFJVRShTdHJpbmdWaWV3KFN0cmluZyhiaXR3aXNlX2Nhc3Q8 Y29uc3QgVUNoYXIqPih1IkhlbGxvIikpKS5pc0FsbEFTQ0lJKCkpOwogfQogCitURVNUKFdURiwg U3RyaW5nVmlld1BhcnNlVUludDE2KQoreworICAgIEVYUEVDVF9FUSgwVSwgKldURjo6cGFyc2VV SW50MTYoIjAiKSk7CisgICAgRVhQRUNUX0VRKDNVLCAqV1RGOjpwYXJzZVVJbnQxNigiMyIpKTsK KyAgICBFWFBFQ1RfRVEoMTIzNDVVLCAqV1RGOjpwYXJzZVVJbnQxNigiMTIzNDUiKSk7CisgICAg RVhQRUNUX0VRKDY1NTM1VSwgKldURjo6cGFyc2VVSW50MTYoIjY1NTM1IikpOworICAgIEVYUEVD VF9UUlVFKCFXVEY6OnBhcnNlVUludDE2KCItMSIpKTsKKyAgICBFWFBFQ1RfVFJVRSghV1RGOjpw YXJzZVVJbnQxNigiLTMiKSk7CisgICAgRVhQRUNUX1RSVUUoIVdURjo6cGFyc2VVSW50MTYoIjY1 NTM2IikpOworfQorCitURVNUKFdURiwgU3RyaW5nVmlld1RvSW50U3RyaWN0KQoreworICAgIGF1 dG8gdGVzdCA9IFtdKEFTQ0lJTGl0ZXJhbCBzdHJpbmcpIHsKKyAgICAgICAgYm9vbCBpc1ZhbGlk ID0gZmFsc2U7CisgICAgICAgIGludCByZXN1bHQgPSBTdHJpbmdWaWV3KHN0cmluZykudG9JbnRT dHJpY3QoaXNWYWxpZCk7CisgICAgICAgIHJldHVybiBpc1ZhbGlkID8gbWFrZU9wdGlvbmFsKHJl c3VsdCkgOiBXVEY6Om51bGxvcHQ7CisgICAgfTsKKyAgICBFWFBFQ1RfRVEoMCwgKnRlc3QoIjAi X3MpKTsKKyAgICBFWFBFQ1RfRVEoMywgKnRlc3QoIjMiX3MpKTsKKyAgICBFWFBFQ1RfRVEoLTMs ICp0ZXN0KCItMyJfcykpOworICAgIEVYUEVDVF9FUSgxMjM0NSwgKnRlc3QoIjEyMzQ1Il9zKSk7 CisgICAgRVhQRUNUX0VRKC0xMjM0NSwgKnRlc3QoIi0xMjM0NSJfcykpOworICAgIGlmIChzdGQ6 Om51bWVyaWNfbGltaXRzPGludD46Om1heCgpID09IDIxNDc0ODM2NDcpIHsKKyAgICAgICAgRVhQ RUNUX0VRKDIxNDc0ODM2NDcsICp0ZXN0KCIyMTQ3NDgzNjQ3Il9zKSk7CisgICAgICAgIEVYUEVD VF9UUlVFKCF0ZXN0KCIyMTQ3NDgzNjQ4Il9zKSk7CisgICAgfQorICAgIGlmIChzdGQ6Om51bWVy aWNfbGltaXRzPGludD46Om1pbigpID09IC0yMTQ3NDgzNjQ4KSB7CisgICAgICAgIEVYUEVDVF9F USgtMjE0NzQ4MzY0OCwgKnRlc3QoIi0yMTQ3NDgzNjQ4Il9zKSk7CisgICAgICAgIEVYUEVDVF9U UlVFKCF0ZXN0KCItMjE0NzQ4MzY0OSJfcykpOworICAgIH0KK30KKwogfSAvLyBuYW1lc3BhY2Ug VGVzdFdlYktpdEFQSQo=