77799 2012-02-03 19:50:05 -0800 SharedBuffer::getSomeData() can potentially return a pointer past the data 2012-02-13 17:41:09 -0800 1 1 1 Unclassified WebKit Page Loading 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 77718 1 benjamin benjamin ddkilzer eric kling psolanki oldest_to_newest 549331 0 benjamin 2012-02-03 19:50:05 -0800 SharedBuffer::getSomeData() can potentially return a pointer past the data. It does nothing bad at the moment because all the call to SharedBuffer::getSomeData() are done the same way, but nothing prevent such accident in the future. 549336 1 125469 benjamin 2012-02-03 19:57:36 -0800 Created attachment 125469 Patch 549337 2 benjamin 2012-02-03 19:58:31 -0800 This patch is on top of #77718, please disregard the bots. 554785 3 ddkilzer 2012-02-11 21:47:39 -0800 <rdar://problem/10849813> 554786 4 125469 ddkilzer 2012-02-11 21:50:27 -0800 Comment on attachment 125469 Patch r=me 555807 5 benjamin 2012-02-13 17:41:09 -0800 Committed r107652: <http://trac.webkit.org/changeset/107652> 125469 2012-02-03 19:57:36 -0800 2012-02-11 21:50:26 -0800 Patch bug-77799-20120203195735.patch text/plain 2878 benjamin U3VidmVyc2lvbiBSZXZpc2lvbjogMTA2NjAwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMmU4NGFiYjIzOTJlNzc3 MjcxZTVhNGI3MTAyNmRhMTk5ZDAwMzYwZS4uNjE3ZTg2MzQ1ZmYzNjNiYTQ5MmI5ZTA5ZWNmYTJi YjY4OGUyODM0MCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDI0IEBACiAyMDEyLTAyLTAzICBCZW5q YW1pbiBQb3VsYWluICA8YnBvdWxhaW5AYXBwbGUuY29tPgogCisgICAgICAgIFNoYXJlZEJ1ZmZl cjo6Z2V0U29tZURhdGEoKSBjYW4gcG90ZW50aWFsbHkgcmV0dXJuIGEgcG9pbnRlciBwYXN0IHRo ZSBkYXRhCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03 Nzc5OQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRo ZSBleHBlY3RlZCBiZWhhdmlvciBmcm9tIFNoYXJlZEJ1ZmZlcjo6Z2V0U29tZURhdGEoKSBpcyB0 byByZXR1cm4gYSBzaXplIGFuZCBwb2ludGVyIG9mIHZhbHVlIDAKKyAgICAgICAgaWYgcG9zaXRp b24gaXMgcGFzdCB0aGUgZGF0YS4KKworICAgICAgICBIb3dldmVyLCB0aGUgY29kZSBoYW5kbGlu ZyB0aGUgbWVtb3J5IG1hcHBlZCBkYXRhIGlzIGJlZm9yZSB0aGUgY29kZSBlbnN1cmluZyB0aGUg YWZvcmVtZW50aW9uZWQKKyAgICAgICAgY29uZGl0aW9uLiBJdCBpcyBwb3NzaWJsZSB0byByZXR1 cm4gYSBwb2ludGVyIHBhc3QgdGhlIGRhdGEsIGFuZCBhIG5vbi1udWxsIHNpemUuCisKKyAgICAg ICAgVGhpcyBwYXRjaCBhaW1zIGF0IHByZXZlbnRpbmcgc3VjaCBpbnZhbGlkIG1lbW9yeSBhY2Nl c3MgYnkgY2hlY2tpbmcgcG9zaXRpb24gaXMgaW4gdGhlIGJvdW5kYXJpZXMKKyAgICAgICAgYmVm b3JlIGFueSBhdHRlbXB0IGlzIG1hZGUgdG8gcmV0dXJuIHRoZSBkYXRhLgorCisgICAgICAgICog cGxhdGZvcm0vU2hhcmVkQnVmZmVyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlNoYXJlZEJ1ZmZl cjo6Z2V0U29tZURhdGEpOgorCisyMDEyLTAyLTAzICBCZW5qYW1pbiBQb3VsYWluICA8YnBvdWxh aW5AYXBwbGUuY29tPgorCiAgICAgICAgIFNoYXJlZEJ1ZmZlcjo6Z2V0U29tZURhdGEoKSBtdXN0 IHN1cHBvcnQgbV9kYXRhQXJyYXkgaWYgTkVUV09SS19DRkRBVEFfQVJSQVlfQ0FMTEJBQ0sgaXMg ZGVmaW5lZAogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 Nzc3MTgKIApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vU2hhcmVkQnVmZmVy LmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL1NoYXJlZEJ1ZmZlci5jcHAKaW5kZXggMGVm YmRkNTQ0ZjYwNzUyN2E3ZDVjMDgyY2IyNzI3OGYyZDZiZDU3YS4uZDlmYzgzZGYyMDdiYTRlOTU5 YWFiMTMxZWQ1MmRhODBiMDUxNGUyNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZv cm0vU2hhcmVkQnVmZmVyLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9TaGFyZWRC dWZmZXIuY3BwCkBAIC0yMzMsMTYgKzIzMywxOSBAQCBjb25zdCBWZWN0b3I8Y2hhcj4mIFNoYXJl ZEJ1ZmZlcjo6YnVmZmVyKCkgY29uc3QKIAogdW5zaWduZWQgU2hhcmVkQnVmZmVyOjpnZXRTb21l RGF0YShjb25zdCBjaGFyKiYgc29tZURhdGEsIHVuc2lnbmVkIHBvc2l0aW9uKSBjb25zdAogewot ICAgIGlmIChoYXNQbGF0Zm9ybURhdGEoKSB8fCBtX3B1cmdlYWJsZUJ1ZmZlcikgewotICAgICAg ICBzb21lRGF0YSA9IGRhdGEoKSArIHBvc2l0aW9uOwotICAgICAgICByZXR1cm4gc2l6ZSgpIC0g cG9zaXRpb247Ci0gICAgfQotCi0gICAgaWYgKHBvc2l0aW9uID49IG1fc2l6ZSkgeworICAgIHVu c2lnbmVkIHRvdGFsU2l6ZSA9IHNpemUoKTsKKyAgICBpZiAocG9zaXRpb24gPj0gdG90YWxTaXpl KSB7CiAgICAgICAgIHNvbWVEYXRhID0gMDsKICAgICAgICAgcmV0dXJuIDA7CiAgICAgfQogCisg ICAgaWYgKGhhc1BsYXRmb3JtRGF0YSgpIHx8IG1fcHVyZ2VhYmxlQnVmZmVyKSB7CisgICAgICAg IEFTU0VSVChwb3NpdGlvbiA8IHNpemUoKSk7CisgICAgICAgIHNvbWVEYXRhID0gZGF0YSgpICsg cG9zaXRpb247CisgICAgICAgIHJldHVybiB0b3RhbFNpemUgLSBwb3NpdGlvbjsKKyAgICB9CisK KyAgICBBU1NFUlQocG9zaXRpb24gPCBtX3NpemUpOwogICAgIHVuc2lnbmVkIGNvbnNlY3V0aXZl U2l6ZSA9IG1fYnVmZmVyLnNpemUoKTsKICAgICBpZiAocG9zaXRpb24gPCBjb25zZWN1dGl2ZVNp emUpIHsKICAgICAgICAgc29tZURhdGEgPSBtX2J1ZmZlci5kYXRhKCkgKyBwb3NpdGlvbjsKQEAg LTI1NCw3ICsyNTcsNyBAQCB1bnNpZ25lZCBTaGFyZWRCdWZmZXI6OmdldFNvbWVEYXRhKGNvbnN0 IGNoYXIqJiBzb21lRGF0YSwgdW5zaWduZWQgcG9zaXRpb24pIGNvbgogICAgIHVuc2lnbmVkIG1h eFNlZ21lbnRlZFNpemUgPSBzZWdtZW50cyAqIHNlZ21lbnRTaXplOwogICAgIHVuc2lnbmVkIHNl Z21lbnQgPSBzZWdtZW50SW5kZXgocG9zaXRpb24pOwogICAgIGlmIChzZWdtZW50IDwgc2VnbWVu dHMpIHsKLSAgICAgICAgdW5zaWduZWQgYnl0ZXNMZWZ0ID0gbV9zaXplIC0gY29uc2VjdXRpdmVT aXplOworICAgICAgICB1bnNpZ25lZCBieXRlc0xlZnQgPSB0b3RhbFNpemUgLSBjb25zZWN1dGl2 ZVNpemU7CiAgICAgICAgIHVuc2lnbmVkIHNlZ21lbnRlZFNpemUgPSBtaW4obWF4U2VnbWVudGVk U2l6ZSwgYnl0ZXNMZWZ0KTsKIAogICAgICAgICB1bnNpZ25lZCBwb3NpdGlvbkluU2VnbWVudCA9 IG9mZnNldEluU2VnbWVudChwb3NpdGlvbik7Cg==