Bug 141406

Summary: REGRESSION: tryFastCalloc is no longer "try"
Product: WebKit
Reporter: Alexey Proskuryakov <ap>
Component: Web Template Framework
Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, cmarcelo, commit-queue, darin, ggaren, kling
Priority: P2
Keywords: Regression
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Alexey Proskuryakov
Reported 2015-02-09 15:24:05 PST
tryFastCalloc just calls through to fastCalloc, which crashes when allocation fails.
Attachments:
proposed fix (1.19 KB, patch), 2015-02-09 15:27 PST, Alexey Proskuryakov, no flags
Alexey Proskuryakov
Comment 1 2015-02-09 15:27:16 PST
Created attachment 246297
proposed fix

I saw this cause crashes on fast/canvas/webgl/webgl-compressed-texture-size-limit.html
WebKit Commit Bot
Comment 2 2015-02-09 16:12:43 PST
Comment on attachment 246297
proposed fix

Clearing flags on attachment: 246297

Committed r179855: <http://trac.webkit.org/changeset/179855>
WebKit Commit Bot
Comment 3 2015-02-09 16:12:47 PST
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 4 2015-02-10 08:34:50 PST
Comment on attachment 246297
proposed fix

View in context: https://bugs.webkit.org/attachment.cgi?id=246297&action=review

> Source/WTF/wtf/FastMalloc.cpp:326
> + return tryFastZeroedMalloc(numElements * elementSize);

Wait a second, what about overflow checking for the multiplication?
Darin Adler
Comment 5 2015-02-10 08:36:36 PST
I think that both fastCalloc and tryFastCalloc are missing checking on overflow in the multiplication in the USE_BMALLOC case.
Alexey Proskuryakov
Comment 6 2015-02-10 09:33:48 PST
Great catch, I copied the existing code mindlessly. Darin has a fix in bug 141434.
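
The missing check raised in Comments 4 and 5, as an added example that is not WebKit's code and not the fix from bug 141434: a calloc-style "try" allocator that rejects a wrapping `numElements * elementSize` product before allocating. All function names here are hypothetical, and `std::malloc` stands in for the underlying allocator.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <limits>

// Hypothetical stand-in for a zeroed "try" allocator: nullptr on failure.
static void* tryZeroedMalloc(std::size_t size)
{
    void* p = std::malloc(size);
    if (p)
        std::memset(p, 0, size);
    return p;
}

// The pattern questioned in the review: the product is used unchecked, so it
// can wrap to a small value and the allocation "succeeds" undersized.
std::size_t uncheckedAllocationSize(std::size_t numElements, std::size_t elementSize)
{
    return numElements * elementSize; // unsigned wraparound, no error
}

// Stores numElements * elementSize in total; returns false if it would wrap.
bool checkedAllocationSize(std::size_t numElements, std::size_t elementSize, std::size_t& total)
{
    if (elementSize && numElements > std::numeric_limits<std::size_t>::max() / elementSize)
        return false;
    total = numElements * elementSize;
    return true;
}

// calloc-style "try" allocation: nullptr on overflow or allocation failure.
void* tryCallocChecked(std::size_t numElements, std::size_t elementSize)
{
    std::size_t total = 0;
    if (!checkedAllocationSize(numElements, elementSize, total))
        return nullptr;
    return tryZeroedMalloc(total);
}

int main()
{
    // Constructed input: (SIZE_MAX / 2 + 2) * 2 wraps to 2.
    std::size_t n = std::numeric_limits<std::size_t>::max() / 2 + 2;
    std::printf("unchecked size: %zu\n", uncheckedAllocationSize(n, 2));
    std::printf("checked result: %p\n", tryCallocChecked(n, 2));
    return 0;
}
```

A caller that trusts the unchecked size gets a 2-byte buffer while believing it holds `n` two-byte elements; the checked version returns a null pointer instead, which is what a "try" allocator's callers already handle.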