236621 2022-02-14 16:42:39 -0800 [libpas] compact pointers should load payload via memcpy 2022-02-14 19:55:43 -0800 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ysuzuki ysuzuki mark.lam webkit-bug-importer oldest_to_newest 1841476 0 ysuzuki 2022-02-14 16:42:39 -0800 [libpas] compact pointers should load payload via memcpy 1841478 1 451957 ysuzuki 2022-02-14 16:44:41 -0800 Created attachment 451957 Patch 1841479 2 ysuzuki 2022-02-14 16:49:33 -0800 rdar://88928951 1841485 3 451957 mark.lam 2022-02-14 17:00:32 -0800 Comment on attachment 451957 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=451957&action=review r=me. Since EWS is misbehaving, please do a local build and smokes test run if you haven't already done so. > Source/bmalloc/ChangeLog:8 > + ASan found that we are loading 8bytes which can potentially be overflown. nit: "8bytes" => "8 bytes". "overflown" => "overflowed". 1841551 4 ysuzuki 2022-02-14 19:55:43 -0800 Committed r289788 (247253@trunk): <https://commits.webkit.org/247253@trunk> 451957 2022-02-14 16:44:41 -0800 2022-02-14 17:00:32 -0800 Patch bug-236621-20220214164440.patch text/plain 4887 ysuzuki U3VidmVyc2lvbiBSZXZpc2lvbjogMjg5NzcwCmRpZmYgLS1naXQgYS9Tb3VyY2UvYm1hbGxvYy9D aGFuZ2VMb2cgYi9Tb3VyY2UvYm1hbGxvYy9DaGFuZ2VMb2cKaW5kZXggN2YxNzMwZWY3ZjA1NGJm MzBkM2VlMWRjMWEwOGNlNmRlZThiNWE0Yi4uMWRmY2QzMzBhMWNlOThjNjA4ZDQ5ZmYyYTdmNWUz NzlkOTllNWUxOSAxMDA2NDQKLS0tIGEvU291cmNlL2JtYWxsb2MvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9ibWFsbG9jL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDIyLTAyLTE0ICBZdXN1 a2UgU3V6dWtpICA8eXN1enVraUBhcHBsZS5jb20+CisKKyAgICAgICAgW2xpYnBhc10gY29tcGFj dCBwb2ludGVycyBzaG91bGQgbG9hZCBwYXlsb2FkIHZpYSBtZW1jcHkKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIzNjYyMQorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFTYW4gZm91bmQgdGhhdCB3ZSBhcmUg bG9hZGluZyA4Ynl0ZXMgd2hpY2ggY2FuIHBvdGVudGlhbGx5IGJlIG92ZXJmbG93bi4KKyAgICAg ICAgRm9yIGV4YW1wbGUsIHdlIGxvYWQgdGhpcyBmcm9tIGEgcG9pbnRlciB0byBzdGFjayB2YXJp YWJsZSwgd2hpY2ggbWVhbnMgdGhhdAorICAgICAgICB3ZSBjb3VsZCBjYXVzZSBzdGFjayBvdmVy Zmxvdy4gSW5zdGVhZCB3ZSBzaG91bGQgdXNlIG1lbWNweS4KKyAgICAgICAgQ3VycmVudGx5LCB3 ZSBvbmx5IHN1cHBvcnQgbGl0dGxlIGVuZGlhbiBjb2RlLCBidXQgaXQgaXMgT0sgc2luY2UgbGli cGFzIGlzIG5vdAorICAgICAgICBlbmFibGVkIGluIG5vbiBsaXR0bGUgZW5kaWFuIGFyY2hpdGVj dHVyZXMuCisKKyAgICAgICAgKiBsaWJwYXMvc3JjL2xpYnBhcy9wYXNfY29tcGFjdF9wdHIuaDoK KyAgICAgICAgKiBsaWJwYXMvc3JjL2xpYnBhcy9wYXNfY29tcGFjdF90YWdnZWRfcHRyLmg6CisK IDIwMjItMDItMTMgIFl1c3VrZSBTdXp1a2kgIDx5c3V6dWtpQGFwcGxlLmNvbT4KIAogICAgICAg ICBVbnJldmlld2VkLCBmaXggTGludXggYnVpbGQgb2YgbGlicGFzIHBhcnQgMgpkaWZmIC0tZ2l0 IGEvU291cmNlL2JtYWxsb2MvbGlicGFzL3NyYy9saWJwYXMvcGFzX2NvbXBhY3RfcHRyLmggYi9T b3VyY2UvYm1hbGxvYy9saWJwYXMvc3JjL2xpYnBhcy9wYXNfY29tcGFjdF9wdHIuaAppbmRleCA4 ZjEyODdiYTIzZjg3MjJlYWY4ODM4YmVmNmFkNzNjYmUzZjAyNGFjLi4yZjRhYjkzYzE2MWRjN2E1 YTdjZTYyNjM0MDI2ZmNjYThmNDYyNjFmIDEwMDY0NAotLS0gYS9Tb3VyY2UvYm1hbGxvYy9saWJw YXMvc3JjL2xpYnBhcy9wYXNfY29tcGFjdF9wdHIuaAorKysgYi9Tb3VyY2UvYm1hbGxvYy9saWJw YXMvc3JjL2xpYnBhcy9wYXNfY29tcGFjdF9wdHIuaApAQCAtOTYsMjIgKzk2LDMxIEBAIFBBU19C RUdJTl9FWFRFUk5fQzsKICAgICBcCiAgICAgc3RhdGljIGlubGluZSB0eXBlKiBuYW1lICMjIF9s b2FkKG5hbWUqIHB0cikgXAogICAgIHsgXAotICAgICAgICByZXR1cm4gbmFtZSAjIyBfcHRyX2Zv cl9pbmRleCgqKHVpbnRwdHJfdCopcHRyICYgUEFTX0NPTVBBQ1RfUFRSX01BU0spOyBcCisgICAg ICAgIHVpbnRwdHJfdCBwdHJfYXNfaW5kZXggPSAwOyBcCisgICAgICAgIG1lbWNweSgmcHRyX2Fz X2luZGV4LCBwdHItPnBheWxvYWQsIFBBU19DT01QQUNUX1BUUl9TSVpFKTsgXAorICAgICAgICBw dHJfYXNfaW5kZXggJj0gUEFTX0NPTVBBQ1RfUFRSX01BU0s7IFwKKyAgICAgICAgcmV0dXJuIG5h bWUgIyMgX3B0cl9mb3JfaW5kZXgocHRyX2FzX2luZGV4KTsgXAogICAgIH0gXAogICAgIFwKICAg ICBzdGF0aWMgaW5saW5lIHR5cGUqIG5hbWUgIyMgX2xvYWRfbm9uX251bGwobmFtZSogcHRyKSBc CiAgICAgeyBcCi0gICAgICAgIHJldHVybiBuYW1lICMjIF9wdHJfZm9yX2luZGV4X25vbl9udWxs KCoodWludHB0cl90KilwdHIgJiBQQVNfQ09NUEFDVF9QVFJfTUFTSyk7IFwKKyAgICAgICAgdWlu dHB0cl90IHB0cl9hc19pbmRleCA9IDA7IFwKKyAgICAgICAgbWVtY3B5KCZwdHJfYXNfaW5kZXgs IHB0ci0+cGF5bG9hZCwgUEFTX0NPTVBBQ1RfUFRSX1NJWkUpOyBcCisgICAgICAgIHB0cl9hc19p bmRleCAmPSBQQVNfQ09NUEFDVF9QVFJfTUFTSzsgXAorICAgICAgICByZXR1cm4gbmFtZSAjIyBf cHRyX2Zvcl9pbmRleF9ub25fbnVsbChwdHJfYXNfaW5kZXgpOyBcCiAgICAgfSBcCiAgICAgXAog ICAgIHN0YXRpYyBpbmxpbmUgYm9vbCBuYW1lICMjIF9pc19udWxsKG5hbWUqIHB0cikgXAogICAg IHsgXAotICAgICAgICByZXR1cm4gISgqKHVpbnRwdHJfdCopcHRyICYgUEFTX0NPTVBBQ1RfUFRS X01BU0spOyBcCisgICAgICAgIHVpbnRwdHJfdCBwdHJfYXNfaW5kZXggPSAwOyBcCisgICAgICAg IG1lbWNweSgmcHRyX2FzX2luZGV4LCBwdHItPnBheWxvYWQsIFBBU19DT01QQUNUX1BUUl9TSVpF KTsgXAorICAgICAgICBwdHJfYXNfaW5kZXggJj0gUEFTX0NPTVBBQ1RfUFRSX01BU0s7IFwKKyAg ICAgICAgcmV0dXJuICFwdHJfYXNfaW5kZXg7IFwKICAgICB9IFwKICAgICBcCiAgICAgc3RhdGlj IGlubGluZSB0eXBlKiBuYW1lICMjIF9sb2FkX3JlbW90ZShwYXNfZW51bWVyYXRvciogZW51bWVy YXRvciwgbmFtZSogcHRyKSBcCiAgICAgeyBcCi0gICAgICAgIHVpbnRwdHJfdCBwdHJfYXNfaW5k ZXg7IFwKKyAgICAgICAgdWludHB0cl90IHB0cl9hc19pbmRleCA9IDA7IFwKICAgICAgICAgbWVt Y3B5KCZwdHJfYXNfaW5kZXgsIHB0ci0+cGF5bG9hZCwgUEFTX0NPTVBBQ1RfUFRSX1NJWkUpOyBc CiAgICAgICAgIHB0cl9hc19pbmRleCAmPSBQQVNfQ09NUEFDVF9QVFJfTUFTSzsgXAogICAgICAg ICByZXR1cm4gbmFtZSAjIyBfcHRyX2Zvcl9yZW1vdGVfaW5kZXgoZW51bWVyYXRvciwgcHRyX2Fz X2luZGV4KTsgXApkaWZmIC0tZ2l0IGEvU291cmNlL2JtYWxsb2MvbGlicGFzL3NyYy9saWJwYXMv cGFzX2NvbXBhY3RfdGFnZ2VkX3B0ci5oIGIvU291cmNlL2JtYWxsb2MvbGlicGFzL3NyYy9saWJw YXMvcGFzX2NvbXBhY3RfdGFnZ2VkX3B0ci5oCmluZGV4IGE4M2RhZjdiNjYzZWQ4ZTE0YzdiNmI1 ZTFjYWI3OGFkNWU4ODM0NDQuLjhhN2U3MTE4OWQ2NDU1M2FiY2JhODAyMWY1OTFjNTlkZGJiOGY3 MjkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9ibWFsbG9jL2xpYnBhcy9zcmMvbGlicGFzL3Bhc19jb21w YWN0X3RhZ2dlZF9wdHIuaAorKysgYi9Tb3VyY2UvYm1hbGxvYy9saWJwYXMvc3JjL2xpYnBhcy9w YXNfY29tcGFjdF90YWdnZWRfcHRyLmgKQEAgLTk4LDIyICs5OCwzMSBAQCBQQVNfQkVHSU5fRVhU RVJOX0M7CiAgICAgXAogICAgIHN0YXRpYyBpbmxpbmUgYm9vbCBuYW1lICMjIF9pc19udWxsKG5h bWUqIHB0cikgXAogICAgIHsgXAotICAgICAgICByZXR1cm4gISgqKHVpbnRwdHJfdCopcHRyICYg UEFTX0NPTVBBQ1RfVEFHR0VEX1BUUl9NQVNLKTsgXAorICAgICAgICB1aW50cHRyX3QgcHRyX2Fz X29mZnNldCA9IDA7IFwKKyAgICAgICAgbWVtY3B5KCZwdHJfYXNfb2Zmc2V0LCBwdHItPnBheWxv YWQsIFBBU19DT01QQUNUX1RBR0dFRF9QVFJfU0laRSk7IFwKKyAgICAgICAgcHRyX2FzX29mZnNl dCAmPSBQQVNfQ09NUEFDVF9UQUdHRURfUFRSX01BU0s7IFwKKyAgICAgICAgcmV0dXJuICFwdHJf YXNfb2Zmc2V0OyBcCiAgICAgfSBcCiAgICAgXAogICAgIHN0YXRpYyBpbmxpbmUgdHlwZSBuYW1l ICMjIF9sb2FkKG5hbWUqIHB0cikgXAogICAgIHsgXAotICAgICAgICByZXR1cm4gbmFtZSAjIyBf cHRyX2Zvcl9vZmZzZXQoKih1aW50cHRyX3QqKXB0ciAmIFBBU19DT01QQUNUX1RBR0dFRF9QVFJf TUFTSyk7IFwKKyAgICAgICAgdWludHB0cl90IHB0cl9hc19vZmZzZXQgPSAwOyBcCisgICAgICAg IG1lbWNweSgmcHRyX2FzX29mZnNldCwgcHRyLT5wYXlsb2FkLCBQQVNfQ09NUEFDVF9UQUdHRURf UFRSX1NJWkUpOyBcCisgICAgICAgIHB0cl9hc19vZmZzZXQgJj0gUEFTX0NPTVBBQ1RfVEFHR0VE X1BUUl9NQVNLOyBcCisgICAgICAgIHJldHVybiBuYW1lICMjIF9wdHJfZm9yX29mZnNldChwdHJf YXNfb2Zmc2V0KTsgXAogICAgIH0gXAogICAgIFwKICAgICBzdGF0aWMgaW5saW5lIHR5cGUgbmFt ZSAjIyBfbG9hZF9ub25fbnVsbChuYW1lKiBwdHIpIFwKICAgICB7IFwKLSAgICAgICAgcmV0dXJu IG5hbWUgIyMgX3B0cl9mb3Jfb2Zmc2V0X25vbl9udWxsKCoodWludHB0cl90KilwdHIgJiBQQVNf Q09NUEFDVF9UQUdHRURfUFRSX01BU0spOyBcCisgICAgICAgIHVpbnRwdHJfdCBwdHJfYXNfb2Zm c2V0ID0gMDsgXAorICAgICAgICBtZW1jcHkoJnB0cl9hc19vZmZzZXQsIHB0ci0+cGF5bG9hZCwg UEFTX0NPTVBBQ1RfVEFHR0VEX1BUUl9TSVpFKTsgXAorICAgICAgICBwdHJfYXNfb2Zmc2V0ICY9 IFBBU19DT01QQUNUX1RBR0dFRF9QVFJfTUFTSzsgXAorICAgICAgICByZXR1cm4gbmFtZSAjIyBf cHRyX2Zvcl9vZmZzZXRfbm9uX251bGwocHRyX2FzX29mZnNldCk7IFwKICAgICB9IFwKICAgICBc CiAgICAgc3RhdGljIGlubGluZSB0eXBlIG5hbWUgIyMgX2xvYWRfcmVtb3RlKHBhc19lbnVtZXJh dG9yKiBlbnVtZXJhdG9yLCBuYW1lKiBwdHIpIFwKICAgICB7IFwKLSAgICAgICAgdWludHB0cl90 IHB0cl9hc19vZmZzZXQ7IFwKKyAgICAgICAgdWludHB0cl90IHB0cl9hc19vZmZzZXQgPSAwOyBc CiAgICAgICAgIG1lbWNweSgmcHRyX2FzX29mZnNldCwgcHRyLT5wYXlsb2FkLCBQQVNfQ09NUEFD VF9UQUdHRURfUFRSX1NJWkUpOyBcCiAgICAgICAgIHB0cl9hc19vZmZzZXQgJj0gUEFTX0NPTVBB Q1RfVEFHR0VEX1BUUl9NQVNLOyBcCiAgICAgICAgIHJldHVybiBuYW1lICMjIF9wdHJfZm9yX3Jl bW90ZV9vZmZzZXQoZW51bWVyYXRvciwgcHRyX2FzX29mZnNldCk7IFwK