Bug 188740

Summary: [JSC] HeapUtil should care about pointer overflow
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch saam: review+

Description Yusuke Suzuki 2018-08-20 00:31:02 PDT 
[JSC] HeapUtil should care pointer overflow
Comment 1 Yusuke Suzuki 2018-08-20 00:55:11 PDT 
Created attachment 347485 [details]
Patch
Comment 2 Saam Barati 2018-08-21 19:53:28 PDT 
Comment on attachment 347485 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347485&action=review

> Source/JavaScriptCore/ChangeLog:3
> +        [JSC] HeapUtil should care pointer overflow

care pointer => care about pointer

> Source/JavaScriptCore/ChangeLog:8
> +        `pointer - sizeof(IndexingHeader) - 1` causes an undefined behavior if a pointer is overflow.

is overflow => overflows
Comment 3 Yusuke Suzuki 2018-08-21 22:04:02 PDT 
Comment on attachment 347485 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347485&action=review

Thank you!

>> Source/JavaScriptCore/ChangeLog:3
>> +        [JSC] HeapUtil should care pointer overflow
> 
> care pointer => care about pointer

Thanks, fixed.

>> Source/JavaScriptCore/ChangeLog:8
>> +        `pointer - sizeof(IndexingHeader) - 1` causes an undefined behavior if a pointer is overflow.
> 
> is overflow => overflows

Fixed.
Comment 4 Yusuke Suzuki 2018-08-21 22:05:13 PDT 
Committed r235161: <https://trac.webkit.org/changeset/235161>
Comment 5 Radar WebKit Bug Importer 2018-08-21 22:06:19 PDT 
<rdar://problem/43592586>