Bug 124644

Summary: machMessageSize uses sizeof(mach_msg_ool_ports_descriptor_t) for out-of-line *memory*
Product: WebKit
Reporter: Tim Horton <thorton>
Component: WebKit2
Assignee: Tim Horton <thorton>
Status: RESOLVED FIXED
Severity: Normal
CC: andersca, ap, sam
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
patch andersca: review+

Description Tim Horton 2013-11-20 01:03:54 PST
machMessageSize does:

        if (numberOfOOLMemoryDescriptors)
            size += (numberOfOOLMemoryDescriptors * sizeof(mach_msg_ool_ports_descriptor_t));

but then uses descriptor->out_of_line, which is a mach_msg_ool_descriptor_t.
Comment 1 Tim Horton 2013-11-20 01:06:46 PST
Created attachment 217403
patch
Comment 2 Tim Horton 2013-11-20 13:26:53 PST
http://trac.webkit.org/changeset/159581