Bug 211000

Summary: IPC::Decoder::isInvalid() should be renamed to isValid()
Product: WebKit
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: WebKit2
Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED
Severity: Normal
CC: darin, ggaren, useafterfree, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Other
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=210949
          https://bugs.webkit.org/show_bug.cgi?id=211006
          https://bugs.webkit.org/show_bug.cgi?id=203880
          https://bugs.webkit.org/show_bug.cgi?id=211152

David Kilzer (:ddkilzer)
Reported 2020-04-24 15:29:34 PDT
IPC::Decoder::isInvalid() should be renamed to isValid(). Negative logic is more difficult to reason about.
Attachments
Patch v1 (5.87 KB, patch), 2020-04-24 15:32 PDT, David Kilzer (:ddkilzer), flags: ddkilzer: commit-queue-
Patch v2 (7.24 KB, patch), 2020-04-24 17:23 PDT, David Kilzer (:ddkilzer), flags: darin: review+
Patch for landing (7.33 KB, patch), 2020-04-24 18:25 PDT, David Kilzer (:ddkilzer), no flags
David Kilzer (:ddkilzer)
Comment 1 2020-04-24 15:32:59 PDT
Created attachment 397519 [details] Patch v1
David Kilzer (:ddkilzer)
Comment 2 2020-04-24 15:39:27 PDT
Comment on attachment 397519 [details] Patch v1

Apparently there is usage of isInvalid() in assert statements!
David Kilzer (:ddkilzer)
Comment 3 2020-04-24 17:23:44 PDT
Created attachment 397529 [details] Patch v2
Darin Adler
Comment 4 2020-04-24 17:41:40 PDT
Comment on attachment 397529 [details] Patch v2
View in context: https://bugs.webkit.org/attachment.cgi?id=397529&action=review

> Source/WebKit/ChangeLog:3
> + IPC::Decoder::isInvalid() should be renamed to isValid()

You don’t say why

> Source/WebKit/Platform/IPC/Decoder.h:79
> - bool isInvalid() const
> + bool isValid() const
> {
> // (m_bufferPos == m_bufferEnd) is a valid state for decoding if the last parameter
> // is a variable length byte array and its size == 0.
> - return m_bufferPos < m_buffer || m_bufferPos > m_bufferEnd;
> + return m_bufferPos >= m_buffer && m_bufferPos <= m_bufferEnd;
> }

This is a very peculiar function. Why isn’t it just a null check? If we run off the end of the buffer, the damage has been done. Returning false from isValid doesn’t seem to do much good.
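Review bot: at Decoder.h:79 the new `return m_bufferPos >= m_buffer && m_bufferPos <= m_bufferEnd;` is the exact De Morgan complement of the old `m_bufferPos < m_buffer || m_bufferPos > m_bufferEnd`, so the function itself keeps its semantics; the correctness risk is at the call sites, where every `isInvalid()` must become `!isValid()` and every `!isInvalid()` (including the ASSERT uses mentioned in Comment 2) must become `isValid()`, and a single missed `!` silently inverts a validity check, so the landing patch should be grepped for any remaining `isInvalid` and each flipped negation checked by hand. The ChangeLog:3 line should also state the motivation given in the bug description (negative logic is harder to reason about) rather than only restating the rename.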
David Kilzer (:ddkilzer)
Comment 5 2020-04-24 18:16:59 PDT
Comment on attachment 397529 [details] Patch v2
View in context: https://bugs.webkit.org/attachment.cgi?id=397529&action=review

>> Source/WebKit/ChangeLog:3
>> + IPC::Decoder::isInvalid() should be renamed to isValid()
>
> You don’t say why

I'll add this to the ChangeLog (see Comment #0): Negative logic is more difficult to reason about.

>> Source/WebKit/Platform/IPC/Decoder.h:79
>> }
>
> This is a very peculiar function. Why isn’t it just a null check? If we run off the end of the buffer, the damage has been done. Returning false from isValid doesn’t seem to do much good.

Tracking this issue in Bug 211006.
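An added illustration of the point raised in Comment 4, written for this page and not taken from WebKit's IPC::Decoder: the renamed isValid() below is the exact expression from Patch v2 and can only report a cursor that has already left the buffer, whereas a decoder that checks the remaining length before each read can never reach that state in the first place. ToyDecoder, DecodeResult, buildMessage, decodeMessage, the m_failed flag and the id/length/payload message layout are assumptions made for the example; only the member names and the isValid() body come from the quoted hunk.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Toy decoder written for this page (not WebKit's IPC::Decoder). Member names follow
// the Decoder.h excerpt quoted above; the pre-read bounds check, the m_failed flag
// and the message layout are assumptions made for the example.
class ToyDecoder {
public:
    ToyDecoder(const uint8_t* buffer, size_t size)
        : m_buffer(buffer), m_bufferPos(buffer), m_bufferEnd(buffer + size) { }

    // The range check exactly as Patch v2 renames it. m_bufferPos == m_bufferEnd is a
    // valid state (a trailing zero-length byte array). It can only report a cursor that
    // is already outside the buffer, i.e. after an over-read has happened.
    bool isValid() const
    {
        return m_bufferPos >= m_buffer && m_bufferPos <= m_bufferEnd;
    }

    bool atEnd() const { return m_bufferPos == m_bufferEnd; }
    bool failed() const { return m_failed; }

    // Check the bound *before* the read, so an undersized message never moves
    // m_bufferPos past m_bufferEnd and isValid() can never observe an over-read.
    bool decode(uint32_t& out)
    {
        if (!ensureRemaining(sizeof(out)))
            return false;
        std::memcpy(&out, m_bufferPos, sizeof(out));
        m_bufferPos += sizeof(out);
        return true;
    }

    // Length-prefixed byte array: the length comes from the untrusted sender, so it is
    // checked against the bytes remaining instead of being trusted and caught afterwards.
    bool decode(std::vector<uint8_t>& out)
    {
        uint32_t length = 0;
        if (!decode(length) || !ensureRemaining(length))
            return false;
        out.assign(m_bufferPos, m_bufferPos + length);
        m_bufferPos += length;
        return true;
    }

private:
    // Once a decode fails the decoder is poisoned: every later decode also fails.
    bool ensureRemaining(size_t n)
    {
        if (m_failed || static_cast<size_t>(m_bufferEnd - m_bufferPos) < n) {
            m_failed = true;
            return false;
        }
        return true;
    }

    const uint8_t* m_buffer;
    const uint8_t* m_bufferPos;
    const uint8_t* m_bufferEnd;
    bool m_failed = false;
};

struct DecodeResult {
    bool ok = false;
    uint32_t id = 0;
    std::vector<uint8_t> payload;
};

// Constructed message layout (assumption): uint32 id, uint32 length, `length` payload bytes.
std::vector<uint8_t> buildMessage(uint32_t id, const std::vector<uint8_t>& payload)
{
    std::vector<uint8_t> bytes(2 * sizeof(uint32_t));
    uint32_t length = static_cast<uint32_t>(payload.size());
    std::memcpy(bytes.data(), &id, sizeof(id));
    std::memcpy(bytes.data() + sizeof(id), &length, sizeof(length));
    bytes.insert(bytes.end(), payload.begin(), payload.end());
    return bytes;
}

// ok is true only if every field decoded and the message had no trailing bytes.
DecodeResult decodeMessage(const std::vector<uint8_t>& bytes)
{
    DecodeResult result;
    ToyDecoder decoder(bytes.data(), bytes.size());
    if (!decoder.decode(result.id) || !decoder.decode(result.payload))
        return result;
    result.ok = decoder.isValid() && !decoder.failed() && decoder.atEnd();
    return result;
}

int main()
{
    std::vector<uint8_t> good = buildMessage(7, { 1, 2, 3 });
    std::vector<uint8_t> truncated(good.begin(), good.end() - 1);
    std::printf("good: %d, truncated: %d, empty payload: %d\n",
        decodeMessage(good).ok, decodeMessage(truncated).ok,
        decodeMessage(buildMessage(7, {})).ok);
    return 0;
}
```

With the pre-read check in place, isValid() is always true after a successful decode, which is why decodeMessage also consults failed() and atEnd(): the signal a caller needs is whether a field was short or a length lied, not whether the cursor is still inside the buffer afterwards.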
David Kilzer (:ddkilzer)
Comment 6 2020-04-24 18:25:04 PDT
Created attachment 397533 [details] Patch for landing
EWS
Comment 7 2020-04-25 08:46:52 PDT
Committed r260704: <https://trac.webkit.org/changeset/260704>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 397533 [details].
Radar WebKit Bug Importer
Comment 8 2020-04-25 08:47:12 PDT