Bug 188740 - [JSC] HeapUtil should care about pointer overflow
Summary: [JSC] HeapUtil should care about pointer overflow
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-08-20 00:31 PDT by Yusuke Suzuki
Modified: 2018-08-21 22:06 PDT (History)
6 users (show)

See Also:

Attachments
Patch (1.97 KB, patch)
2018-08-20 00:55 PDT, Yusuke Suzuki 		saam: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yusuke Suzuki 2018-08-20 00:31:02 PDT 
[JSC] HeapUtil should care pointer overflow
Comment 1 Yusuke Suzuki 2018-08-20 00:55:11 PDT 
Created attachment 347485 [details]
Patch
Comment 2 Saam Barati 2018-08-21 19:53:28 PDT 
Comment on attachment 347485 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347485&action=review

> Source/JavaScriptCore/ChangeLog:3
> +        [JSC] HeapUtil should care pointer overflow

care pointer => care about pointer

> Source/JavaScriptCore/ChangeLog:8
> +        `pointer - sizeof(IndexingHeader) - 1` causes an undefined behavior if a pointer is overflow.

is overflow => overflows
Comment 3 Yusuke Suzuki 2018-08-21 22:04:02 PDT 
Comment on attachment 347485 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347485&action=review

Thank you!

>> Source/JavaScriptCore/ChangeLog:3
>> +        [JSC] HeapUtil should care pointer overflow
> 
> care pointer => care about pointer

Thanks, fixed.

>> Source/JavaScriptCore/ChangeLog:8
>> +        `pointer - sizeof(IndexingHeader) - 1` causes an undefined behavior if a pointer is overflow.
> 
> is overflow => overflows

Fixed.
Comment 4 Yusuke Suzuki 2018-08-21 22:05:13 PDT 
Committed r235161: <https://trac.webkit.org/changeset/235161>
Comment 5 Radar WebKit Bug Importer 2018-08-21 22:06:19 PDT 
<rdar://problem/43592586>