Bug 223694

Summary: Address undefined behavior found by UBSan in StringToIntegerConversion.h
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: Web Template Framework
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, cmarcelo, darin, ews-watchlist, ggaren, sam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=176131
Attachments: Patch (flags: ggaren: review+)

Description Chris Dumez 2021-03-24 09:13:17 PDT
Address undefined behavior found by UBSan in StringToIntegerConversion.h:
- wtf/text/StringToIntegerConversion.h:94:30: runtime error: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int'
- wtf/text/StringToIntegerConversion.h:104:17: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
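The two UBSan reports above are the two spots where a plain decimal parser overflows: the `value * 10 + digit` step (here `2147483640 + 8` for `int`) and the final negation of `-2147483648`, which has no positive counterpart. The following is an added example, not WebKit's code or the patch under review; it uses the GCC/Clang builtins `__builtin_mul_overflow`, `__builtin_add_overflow` and `__builtin_sub_overflow` in place of WTF's `Checked<T, RecordOverflow>` (an assumption about the toolchain, not WTF's API), and shows a parser that reports both reported cases as failures rather than invoking undefined behavior, while still accepting the most negative representable value by accumulating toward the sign instead of negating at the end.

```cpp
// Added example (not WebKit's code): overflow-checked decimal string-to-integer
// conversion. Assumes GCC or Clang for the __builtin_*_overflow intrinsics,
// used here instead of WTF's Checked<T, RecordOverflow>.
#include <cstddef>
#include <cstdio>
#include <limits>
#include <optional>
#include <string_view>
#include <type_traits>

// Returns std::nullopt on empty input, a non-digit character, a '-' sign for an
// unsigned type, or any intermediate result that does not fit IntegralType.
template<typename IntegralType>
std::optional<IntegralType> parseDecimalChecked(std::string_view input)
{
    static_assert(std::is_integral_v<IntegralType>, "integral types only");

    std::size_t i = 0;
    bool negative = false;
    if (i < input.size() && (input[i] == '+' || input[i] == '-')) {
        negative = (input[i] == '-');
        if (negative && std::is_unsigned_v<IntegralType>)
            return std::nullopt; // a negative value cannot be represented
        ++i;
    }
    if (i == input.size())
        return std::nullopt; // no digits at all (covers "" and "-")

    IntegralType value = 0;
    for (; i < input.size(); ++i) {
        const char c = input[i];
        if (c < '0' || c > '9')
            return std::nullopt; // reject anything that is not a decimal digit
        const IntegralType digit = static_cast<IntegralType>(c - '0');

        // value = value * 10, with the multiplication checked for overflow.
        if (__builtin_mul_overflow(value, IntegralType(10), &value))
            return std::nullopt;

        // Accumulate toward the sign of the result: for negative input we subtract
        // each digit, so INT_MIN is reached directly and is never negated.
        if (negative) {
            if (__builtin_sub_overflow(value, digit, &value))
                return std::nullopt;
        } else {
            if (__builtin_add_overflow(value, digit, &value))
                return std::nullopt;
        }
    }
    return value;
}

// Stand-alone demonstration on the two inputs from the UBSan reports.
int main()
{
    for (std::string_view s : { "2147483647", "2147483648", "-2147483648", "-2147483649" }) {
        auto r = parseDecimalChecked<int>(s);
        if (r)
            std::printf("%s -> %d\n", s.data(), *r);
        else
            std::printf("%s -> rejected (would not fit int)\n", s.data());
    }
    return 0;
}
```

The same template instantiated for narrower or unsigned types (`uint8_t`, `unsigned`) rejects out-of-range input by the same mechanism, since the builtins check the result against the destination type rather than against `int`.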
Comment 1 Chris Dumez 2021-03-24 09:37:01 PDT
Created attachment 424142 [details]
Patch
Comment 2 Geoffrey Garen 2021-03-24 12:02:30 PDT
Comment on attachment 424142 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=424142&action=review

r=me

> Source/WTF/wtf/text/StringToIntegerConversion.h:54
> +    Checked<IntegralType, RecordOverflow> value = 0;
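Review bot: the quoted line shows only the switch of `value` to `Checked<IntegralType, RecordOverflow>`; the two UBSan findings in the description (the `2147483640 + 8` accumulation overflow at line 94 and the negation of `-2147483648` at line 104) are only fixed if the overflow flag recorded by that wrapper is consulted before the result is unwrapped and returned, so the review should confirm that check is present at both sites, since it is not visible in this hunk. Independently of that, the `= 0` initializer is unnecessary for a `Checked` value that is assigned before it is read.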

No need for = 0 anymore here.
Comment 3 Chris Dumez 2021-03-24 12:30:43 PDT
Committed r274959 (235712@main): <https://commits.webkit.org/235712@main>
Comment 4 Radar WebKit Bug Importer 2021-03-24 12:31:32 PDT
<rdar://problem/75799204>