| Field | Value |
|---|---|
| Summary | StringTypeAdapter constructor is not properly enforcing String::MaxLength. |
| Product | WebKit |
| Component | JavaScriptCore |
| Reporter | Mark Lam <mark.lam> |
| Assignee | Mark Lam <mark.lam> |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Keywords | InRadar |
| Version | WebKit Nightly Build |
| Hardware | Unspecified |
| OS | Unspecified |
| Bug Depends on | 190187 |
| Bug Blocks | |
| CC | benjamin, cdumez, cmarcelo, commit-queue, darin, dbates, ews-watchlist, fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki |
Description

Mark Lam, 2018-10-08 21:51:24 PDT

Created attachment 351858 [details]: proposed patch.

Created attachment 351859 [details]: proposed patch.
Comment on attachment 351859 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=351859&action=review

> Source/WTF/ChangeLog:11
> + length a size_t which removes this issue, and assert that it's within

We’re ok with this not working on 32bit? Maybe just use uint64_t directly?

Comment on attachment 351859 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=351859&action=review

>> Source/WTF/ChangeLog:11
>> + length a size_t which removes this issue, and assert that it's within
>
> We’re ok with this not working on 32bit? Maybe just use uint64_t directly?

I guess on 32bit we’re limited by address space.

Comment on attachment 351859 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=351859&action=review

Thanks for the review.

>>> Source/WTF/ChangeLog:11
>>> + length a size_t which removes this issue, and assert that it's within
>>
>> We’re ok with this not working on 32bit? Maybe just use uint64_t directly?
>
> I guess on 32bit we’re limited by address space.

Yes, this works on 32-bit because the string is limited by the address space. This is by design.

Comment on attachment 351859 [details] proposed patch.
Clearing flags on attachment: 351859
Committed r236969: <https://trac.webkit.org/changeset/236969>

All reviewed patches have been landed. Closing bug.
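The review above turns on one point: a combined string length must be accumulated in a type wide enough that the sum cannot wrap before it is compared against the maximum string length. The following is an added, self-contained C++ illustration of that pattern; it is not WebKit's StringTypeAdapter code or the patch from r236969. The constant `kMaxLength`, the function names, and the three-operand scenario are constructed for the example (the real value of WTF's String::MaxLength is not given on this page). It accumulates in `uint64_t`, the alternative a reviewer raised, so the check behaves identically on 32-bit and 64-bit builds.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <limits>
#include <optional>

// Constructed stand-in for a string-length cap such as WTF's String::MaxLength.
// The exact WebKit value is not on the page; this one is an assumption.
constexpr uint32_t kMaxLength = std::numeric_limits<int32_t>::max();

// Weak pattern: 32-bit lengths are summed in a 32-bit unsigned, and the cap is
// enforced only after the loop. Three operands that each fit under the cap sum
// to more than 2^32, wrap to a small value, and the late check wrongly passes.
std::optional<uint32_t> unsafeCombinedLength(std::initializer_list<uint32_t> parts) {
    uint32_t total = 0;
    for (uint32_t len : parts)
        total += len;          // wraps modulo 2^32; nothing notices
    if (total > kMaxLength)    // runs after the wrap, so it can be fooled
        return std::nullopt;
    return total;
}

// Hardened pattern: accumulate in a 64-bit integer and enforce the cap on
// every step. Each operand must itself be in range, and the running total is
// rejected as soon as it exceeds the cap, so it can never wrap.
std::optional<uint32_t> checkedCombinedLength(std::initializer_list<uint32_t> parts) {
    uint64_t total = 0;
    for (uint32_t len : parts) {
        if (len > kMaxLength)
            return std::nullopt;   // an operand already violates the invariant
        total += len;              // bounded by kMaxLength + 2^31, fits in uint64_t
        if (total > kMaxLength)
            return std::nullopt;   // combined length not representable
    }
    return static_cast<uint32_t>(total);
}

int main() {
    // Constructed inputs: three maximal operands, chosen so the 32-bit sum wraps
    // to 2147483645, which is below kMaxLength and therefore looks valid.
    auto bad = unsafeCombinedLength({kMaxLength, kMaxLength, kMaxLength});
    auto good = checkedCombinedLength({kMaxLength, kMaxLength, kMaxLength});
    std::printf("unsafe: %s %u\n", bad ? "accepted" : "rejected", bad ? *bad : 0u);
    std::printf("checked: %s\n", good ? "accepted" : "rejected");
    return 0;
}
```

The wrapped total would be handed to an allocator that reserves far fewer code units than the copy loop later writes, which is why the length computation, not the copy, is the place to enforce the limit.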