Bug 213524

Summary: Handle string overflow in DFG graph dump while validating AI.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, cdumez, cmarcelo, darin, ews-watchlist, keith_miller, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch. saam: review+

Mark Lam
Reported 2020-06-23 10:49:42 PDT
<rdar://problem/64635620>
Attachments
proposed patch. (4.37 KB, patch)
2020-06-23 10:56 PDT, Mark Lam 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2020-06-23 10:56:49 PDT
Created attachment 402569 [details] proposed patch.
Mark Lam
Comment 2 2020-06-23 11:16:26 PDT
Thanks for the review. Landed in r263405: <http://trac.webkit.org/r263405>.
Darin Adler
Comment 3 2020-06-23 11:22:41 PDT
Comment on attachment 402569 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=402569&action=review > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:563 > + auto expectedString = out.tryToString(); > + m_graphDump = expectedString ? expectedString.value() : String("<out of memory while dumping graph>"_s); I would have written this using valueOr. I think it possibly be this one-liner: m_graphDump = out.tryToString().valueOr("<out of memory while dumping graph>"_s);
Mark Lam
Comment 4 2020-06-23 11:44:07 PDT
(In reply to Darin Adler from comment #3) > Comment on attachment 402569 [details] > proposed patch. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=402569&action=review > > > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:563 > > + auto expectedString = out.tryToString(); > > + m_graphDump = expectedString ? expectedString.value() : String("<out of memory while dumping graph>"_s); > > I would have written this using valueOr. I think it possibly be this > one-liner: > > m_graphDump = out.tryToString().valueOr("<out of memory while dumping > graph>"_s); Nice. Will apply this (except with Expected::value_or(); there's no valueOr() method).
Mark Lam
Comment 5 2020-06-23 11:49:53 PDT
Landed follow up in r263408: <http://trac.webkit.org/r263408>.
Note You need to log in before you can comment on or make changes to this bug.