Bug 209132

Summary: SerializedScriptValue::decode should check bufferIsLargeEnoughToContain before allocating a buffer
Product: WebKit Reporter: Fujii Hironori <Hironori.Fujii>
Component: BindingsAssignee: Fujii Hironori <Hironori.Fujii>
Status: RESOLVED FIXED    
Severity: Normal CC: alecflett, beidson, cdumez, darin, ews-watchlist, jsbell, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 209131    
Attachments:
Description Flags
Patch
none
Patch darin: review+

Description Fujii Hironori 2020-03-16 00:45:35 PDT
SerializedScriptValue::decode should check bufferIsLargeEnoughToContain

This is a sub-task of Bug 209131.
Bug 209131 – Don't allocate a buffer with the decoded size without ensuring bufferIsLargeEnoughToContain(size)
Comment 1 Fujii Hironori 2020-03-16 00:50:10 PDT
Created attachment 393634 [details]
Patch
Comment 2 Fujii Hironori 2020-03-16 17:23:18 PDT
Created attachment 393714 [details]
Patch
Comment 3 Darin Adler 2020-03-17 15:38:17 PDT
Comment on attachment 393714 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393714&action=review

> Source/WebCore/ChangeLog:8
> +        I have no new tests.

The idea here is to state *why* there are no tests. Otherwise please just leave this line out.
Comment 4 Fujii Hironori 2020-03-17 17:31:25 PDT
Committed r258614: <https://trac.webkit.org/changeset/258614>
Comment 5 Radar WebKit Bug Importer 2020-03-17 17:32:12 PDT
<rdar://problem/60562941>