Bug 141406 - REGRESSION: tryFastCalloc is no longer "try"
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Alexey Proskuryakov
Keywords: Regression
 
Reported: 2015-02-09 15:24 PST by Alexey Proskuryakov
Modified: 2015-02-10 09:33 PST
Attachments
proposed fix (1.19 KB, patch)
2015-02-09 15:27 PST, Alexey Proskuryakov

Description Alexey Proskuryakov 2015-02-09 15:24:05 PST
tryFastCalloc just calls through to fastCalloc, which crashes when allocation fails.
Comment 1 Alexey Proskuryakov 2015-02-09 15:27:16 PST
Created attachment 246297
proposed fix

I saw this cause crashes on fast/canvas/webgl/webgl-compressed-texture-size-limit.html
Comment 2 WebKit Commit Bot 2015-02-09 16:12:43 PST
Comment on attachment 246297
proposed fix

Clearing flags on attachment: 246297

Committed r179855: <http://trac.webkit.org/changeset/179855>
Comment 3 WebKit Commit Bot 2015-02-09 16:12:47 PST
All reviewed patches have been landed.  Closing bug.
Comment 4 Darin Adler 2015-02-10 08:34:50 PST
Comment on attachment 246297
proposed fix

View in context: https://bugs.webkit.org/attachment.cgi?id=246297&action=review

> Source/WTF/wtf/FastMalloc.cpp:326
> +    return tryFastZeroedMalloc(numElements * elementSize);
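
Review bot: The product numElements * elementSize on the added line is computed with no overflow check, so a large enough pair of arguments wraps around and tryFastZeroedMalloc is asked for fewer bytes than the caller will go on to use. Check the multiplication before the call and report failure to the caller when it overflows, which also keeps the "try" behaviour of failing without a crash.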

Wait a second, what about overflow checking for the multiplication?
Comment 5 Darin Adler 2015-02-10 08:36:36 PST
I think that both fastCalloc and tryFastCalloc are missing checking on overflow in the multiplication in the USE_BMALLOC case.
Comment 6 Alexey Proskuryakov 2015-02-10 09:33:48 PST
Great catch, I copied the existing code mindlessly.

Darin has a fix in bug 141434.
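
The two points raised in this thread (a "try" allocator must report failure instead of crashing, and the size multiplication must be checked for overflow) combined in an added example. This is not WebKit's code or the fix from bug 141434; `tryZeroedMalloc`, `checkedMultiply`, `tryCallocChecked` and `uncheckedProduct` are hypothetical names, and plain `malloc` stands in for the real allocator.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <limits>

// Hypothetical stand-in for a "try" allocator: returns nullptr on
// failure instead of crashing. Not WebKit's tryFastZeroedMalloc.
static void* tryZeroedMalloc(std::size_t size)
{
    void* p = std::malloc(size ? size : 1);
    if (p)
        std::memset(p, 0, size);
    return p;
}

// Returns false when a * b does not fit in size_t; result is untouched then.
static bool checkedMultiply(std::size_t a, std::size_t b, std::size_t& result)
{
    if (b && a > std::numeric_limits<std::size_t>::max() / b)
        return false;
    result = a * b;
    return true;
}

// "try" calloc: overflow and allocation failure are both reported as nullptr.
void* tryCallocChecked(std::size_t numElements, std::size_t elementSize)
{
    std::size_t total;
    if (!checkedMultiply(numElements, elementSize, total))
        return nullptr;
    return tryZeroedMalloc(total);
}

// The size an unchecked numElements * elementSize would request
// (unsigned arithmetic wraps modulo SIZE_MAX + 1).
std::size_t uncheckedProduct(std::size_t numElements, std::size_t elementSize)
{
    return numElements * elementSize;
}

int main()
{
    // Constructed input: the smallest element count that overflows with size 2.
    std::size_t big = std::numeric_limits<std::size_t>::max() / 2 + 1;
    std::printf("unchecked request: %zu bytes\n", uncheckedProduct(big, 2));
    std::printf("checked result: %s\n", tryCallocChecked(big, 2) ? "allocated" : "nullptr");
    return 0;
}
```

With the unchecked product the allocator is asked for 0 bytes and succeeds, so the caller receives a valid pointer to a buffer far smaller than the one it believes it has.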