RESOLVED FIXED 188740
[JSC] HeapUtil should care about pointer overflow
https://bugs.webkit.org/show_bug.cgi?id=188740
Summary [JSC] HeapUtil should care about pointer overflow
Yusuke Suzuki
Reported 2018-08-20 00:31:02 PDT
[JSC] HeapUtil should care about pointer overflow
Attachments
Patch (1.97 KB, patch)
2018-08-20 00:55 PDT, Yusuke Suzuki
saam: review+
Yusuke Suzuki
Comment 1 2018-08-20 00:55:11 PDT
Saam Barati
Comment 2 2018-08-21 19:53:28 PDT
Comment on attachment 347485 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347485&action=review

> Source/JavaScriptCore/ChangeLog:3
> +        [JSC] HeapUtil should care pointer overflow

care pointer => care about pointer

> Source/JavaScriptCore/ChangeLog:8
> +        `pointer - sizeof(IndexingHeader) - 1` causes an undefined behavior if a pointer is overflow.

is overflow => overflows
Yusuke Suzuki
Comment 3 2018-08-21 22:04:02 PDT
Comment on attachment 347485 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347485&action=review

Thank you!

>> Source/JavaScriptCore/ChangeLog:3
>> +        [JSC] HeapUtil should care pointer overflow
>
> care pointer => care about pointer

Thanks, fixed.

>> Source/JavaScriptCore/ChangeLog:8
>> +        `pointer - sizeof(IndexingHeader) - 1` causes an undefined behavior if a pointer is overflow.
>
> is overflow => overflows

Fixed.
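The ChangeLog line quoted in the review above describes the hazard: forming `pointer - sizeof(IndexingHeader) - 1` on a raw pointer that sits within a few bytes of address zero wraps below zero, which is undefined behaviour for pointer arithmetic in C++. The following is an added illustration of that hazard and of the usual guard, doing the arithmetic on `uintptr_t` and rejecting candidates that are too small to subtract from. It is not the WebKit patch and not HeapUtil's own code; the `IndexingHeader` stand-in and every function name here are constructed for the example, and the upward (addition) check is a generalization of the same idea beyond what the ChangeLog line mentions.

```cpp
#include <cstddef>
#include <cstdint>

// Stand-in for JSC's IndexingHeader (constructed for this illustration; only
// its size matters here, and the real struct layout is not reproduced).
struct IndexingHeader {
    uint64_t bits;
};

// The smallest address from which `pointer - sizeof(IndexingHeader) - 1` can be
// formed without wrapping below zero.
constexpr uintptr_t minimumScanCandidate = sizeof(IndexingHeader) + 1;

// Unsafe shape of the expression (hypothetical name, shown but not called):
// on a char*, wrapping below address zero is undefined behaviour, so the
// compiler may assume it never happens and discard any later check on the result.
inline char* lowestStartUnchecked(char* pointer)
{
    return pointer - sizeof(IndexingHeader) - 1;
}

// Guarded form (hypothetical name): do the arithmetic on uintptr_t, where the
// values are plain integers, and reject candidates too close to zero before
// subtracting. Returns false when the subtraction would wrap.
inline bool lowestStartChecked(uintptr_t candidate, uintptr_t& lowestStart)
{
    if (candidate < minimumScanCandidate)
        return false;
    lowestStart = candidate - sizeof(IndexingHeader) - 1;
    return true;
}

// The same idea in the other direction: adding an object size to a candidate
// must not wrap past the top of the address space. Returns false if it would.
inline bool highestEndChecked(uintptr_t candidate, size_t size, uintptr_t& end)
{
    if (candidate > UINTPTR_MAX - size)
        return false;
    end = candidate + size;
    return true;
}

// Walk a constructed buffer of candidate words (as a conservative scan would)
// and count how many can have their lowest possible start computed safely.
inline size_t countScannableCandidates(const uintptr_t* words, size_t count)
{
    size_t scannable = 0;
    for (size_t i = 0; i < count; ++i) {
        uintptr_t lowestStart;
        if (lowestStartChecked(words[i], lowestStart))
            ++scannable;
    }
    return scannable;
}
```

The point of the guarded form is that the comparison happens before any arithmetic, on integer values rather than pointers, so the compiler cannot reason the check away; a scanner that only checks the result after forming the pointer gives the optimizer licence to drop the check entirely.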
Yusuke Suzuki
Comment 4 2018-08-21 22:05:13 PDT
Radar WebKit Bug Importer
Comment 5 2018-08-21 22:06:19 PDT