Bug 223694

Summary:

Address undefined behavior found by UBSan in StringToIntegerConversion.h

Product:

WebKit

Reporter:

Chris Dumez <cdumez>

Component:

Web Template Framework

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

benjamin, cmarcelo, darin, ews-watchlist, ggaren, sam, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=176131

Attachments:

Description	Flags
Patch	ggaren: review+

Chris Dumez

Reported 2021-03-24 09:13:17 PDT

Address undefined behavior found by UBSan in StringToIntegerConversion.h: - wtf/text/StringToIntegerConversion.h:94:30: runtime error: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int' - wtf/text/StringToIntegerConversion.h:104:17: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself

Attachments
Patch (5.52 KB, patch) 2021-03-24 09:37 PDT, Chris Dumez	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2021-03-24 09:37:01 PDT

Created attachment 424142 [details] Patch

Geoffrey Garen

Comment 2 2021-03-24 12:02:30 PDT

Comment on attachment 424142 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=424142&action=review r=me > Source/WTF/wtf/text/StringToIntegerConversion.h:54 > + Checked<IntegralType, RecordOverflow> value = 0; No need for = 0 anymore here.

Chris Dumez

Comment 3 2021-03-24 12:30:43 PDT

Committed r274959 (235712@main): <https://commits.webkit.org/235712@main>

Radar WebKit Bug Importer

Comment 4 2021-03-24 12:31:32 PDT

<rdar://problem/75799204>

Note You need to log in before you can comment on or make changes to this bug.