172556 – Vector::grow() will loop indefinitely and cause memory access violation if the new size is less than the current size

NEW 172556

Vector::grow() will loop indefinitely and cause memory access violation if the new size is less than the current size

https://bugs.webkit.org/show_bug.cgi?id=172556

Summary Vector::grow() will loop indefinitely and cause memory access violation if th...

Said Abou-Hallawa

Reported 2017-05-24 15:02:39 PDT

Similar issue will happen with Vector::shrink() if the new size is larger than the current size.

Attachments
Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2017-05-27 00:08:08 PDT

There is already an assertion to guard against this. This doesn't seem like something that needs fixing to me.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2017-05-24 15:02 PDT

Modified

2017-05-27 00:08 PDT History

CC List

6 users Show

URL

Keywords

Depends on

Blocks