Bug 37466

Summary: Fix a potential integer overflow in WebGL*Array::slice()
Product: WebKit
Reporter: Zhenyao Mo <zmo>
Component: WebGL
Assignee: Zhenyao Mo <zmo>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, eric, kbr, oliver, xan.lopez
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Attachments:
patch (Flags: none)
revised patch: tiny fix (Flags: none)

Description Zhenyao Mo 2010-04-12 13:44:06 PDT
There is a potential overflow problem in WebGL*Array::slice() as pointed out by Oliver Hunt in

https://bugs.webkit.org/show_bug.cgi?id=35612
Comment 1 Zhenyao Mo 2010-04-13 15:31:10 PDT
Created attachment 53288
patch
Comment 2 Zhenyao Mo 2010-04-13 15:35:06 PDT
Created attachment 53289
revised patch: tiny fix

removed an accidentally added empty line
Comment 3 Oliver Hunt 2010-04-13 15:49:22 PDT
Comment on attachment 53289
revised patch: tiny fix

r=me
Comment 4 WebKit Commit Bot 2010-04-13 22:29:34 PDT
Comment on attachment 53289
revised patch: tiny fix

Clearing flags on attachment: 53289

Committed r57559: <http://trac.webkit.org/changeset/57559>
Comment 5 WebKit Commit Bot 2010-04-13 22:29:38 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 Eric Seidel (no email) 2010-04-13 22:42:31 PDT
Looks like this breaks the Gtk compile.
Comment 7 Zhenyao Mo 2010-04-13 23:13:01 PDT
(In reply to comment #6)
> Looks like this breaks the Gtk compile.

You got the error message?  I don't know how to test-compile Gtk.
Comment 8 Eric Seidel (no email) 2010-04-13 23:14:55 PDT
Never mind.  Looks like the bot was just flaky.