Bug 190392: StringTypeAdapter constructor is not properly enforcing String::MaxLength.
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=190392
Mark Lam
Reported 2018-10-08 21:51:24 PDT
Fix coming.
Attachments
proposed patch. (2.36 KB, patch)
2018-10-08 22:26 PDT, Mark Lam
no flags
proposed patch. (2.26 KB, patch)
2018-10-08 22:31 PDT, Mark Lam
no flags
Radar WebKit Bug Importer
Comment 1 2018-10-08 21:51:59 PDT
Mark Lam
Comment 2 2018-10-08 22:26:07 PDT
Created attachment 351858 [details] proposed patch.
Mark Lam
Comment 3 2018-10-08 22:31:34 PDT
Created attachment 351859 [details] proposed patch.
Saam Barati
Comment 4 2018-10-09 09:08:52 PDT
Comment on attachment 351859 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=351859&action=review

> Source/WTF/ChangeLog:11
> +        length a size_t which removes this issue, and assert that it's within

We’re ok with this not working on 32bit? Maybe just use uint64_t directly?
Saam Barati
Comment 5 2018-10-09 09:10:17 PDT
Comment on attachment 351859 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=351859&action=review

>> Source/WTF/ChangeLog:11
>> +        length a size_t which removes this issue, and assert that it's within
>
> We’re ok with this not working on 32bit? Maybe just use uint64_t directly?

I guess on 32bit we’re limited by address space.
Mark Lam
Comment 6 2018-10-09 10:50:13 PDT
Comment on attachment 351859 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=351859&action=review

Thanks for the review.

>>> Source/WTF/ChangeLog:11
>>> +        length a size_t which removes this issue, and assert that it's within
>>
>> We’re ok with this not working on 32bit? Maybe just use uint64_t directly?
>
> I guess on 32bit we’re limited by address space.

Yes, this works on 32-bit because the string is limited by the address space. This is by design.
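The review above turns on one point: a length total kept in a 32-bit unsigned can wrap before it is compared against String::MaxLength, whereas a size_t total with a per-step bound check cannot. The following is an added illustration of that pattern, not code from the WebKit patch or from WTF; the constant kMaxLength, the Piece struct and both function names are constructed stand-ins (the real value of String::MaxLength is not quoted on this page, so 2^31 - 1 is an assumption).

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <optional>
#include <vector>

// Assumed stand-in for WTF's String::MaxLength; the real constant is not
// quoted on this bug page, so this value is an assumption.
constexpr size_t kMaxLength = static_cast<size_t>(std::numeric_limits<int32_t>::max());

// Constructed stand-in for one string piece being concatenated; only its
// length matters for the bound check.
struct Piece {
    size_t length;
};

// Weak pattern: the running total is a 32-bit unsigned. Three pieces that
// are each individually within the bound can sum past 2^32, wrap, and then
// pass the MaxLength comparison with a small (wrong) value.
std::optional<uint32_t> totalLengthNarrow(const std::vector<Piece>& pieces)
{
    unsigned total = 0;
    for (const Piece& p : pieces)
        total += static_cast<unsigned>(p.length); // may truncate and wrap
    if (total > kMaxLength)
        return std::nullopt;
    return total;
}

// Hardened pattern: the running total is a size_t and every addition is
// checked against the bound before it happens, so the total can neither
// exceed kMaxLength nor wrap (each addend is itself bounded first).
std::optional<size_t> totalLengthChecked(const std::vector<Piece>& pieces)
{
    size_t total = 0;
    for (const Piece& p : pieces) {
        if (p.length > kMaxLength)
            return std::nullopt; // single piece already over the bound
        if (total > kMaxLength - p.length)
            return std::nullopt; // total + p.length would exceed the bound
        total += p.length;
    }
    return total;
}
```

On a 32-bit build size_t is also 32 bits, but as the thread notes each piece is then bounded by the address space, which is what makes the checked form sound there as well; the point of the per-step comparison is that the decision is made before the addition, so no intermediate value is ever out of range.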
WebKit Commit Bot
Comment 7 2018-10-09 11:16:04 PDT
Comment on attachment 351859 [details] proposed patch.
Clearing flags on attachment: 351859
Committed r236969: <https://trac.webkit.org/changeset/236969>
WebKit Commit Bot
Comment 8 2018-10-09 11:16:06 PDT
All reviewed patches have been landed. Closing bug.