Bug 198101 - [JSC] ArrayBufferContents::tryAllocate signs the pointer with allocation size and authenticates it with sizeInBytes
Summary: [JSC] ArrayBufferContents::tryAllocate signs the pointer with allocation size...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-05-21 20:39 PDT by Yusuke Suzuki
Modified: 2019-05-22 10:22 PDT (History)

See Also:


Attachments
Patch (2.36 KB, patch) - 2019-05-21 20:45 PDT, Yusuke Suzuki - no flags
Patch (4.36 KB, patch) - 2019-05-22 02:42 PDT, Yusuke Suzuki - no flags

Description Yusuke Suzuki 2019-05-21 20:39:35 PDT
But we have some special path for 0 bytes. In this case, allocation size and sizeInBytes become different => authentication failure.
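The sign/authenticate mismatch described in this report, as an added illustration that is not WebKit's code or the patch itself: a toy model in which a pointer is signed with one size modifier and authenticated with another. `toy_sign()` is a constructed hash standing in for ARM64e PAC, and the assumption that the 0-byte special path allocates 1 byte (to hand back a non-null pointer) is mine, not taken from the page.

```c
// Added toy model (not WebKit code): pointer signing with a size modifier.
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
typedef struct { void* ptr; uint64_t sig; } SignedPtr;

// Constructed stand-in for a PAC-style signature: tag = H(pointer, modifier).
// Every mixing step is bijective, so two different modifiers never collide.
static uint64_t toy_sign(const void* p, size_t modifier) {
    uint64_t h = (uint64_t)(uintptr_t)p ^ ((uint64_t)modifier * 0xc2b2ae3d27d4eb4fULL);
    h ^= h >> 29; h *= 0xbf58476d1ce4e5b9ULL; h ^= h >> 32;
    return h;
}

static bool toy_authenticate(SignedPtr sp, size_t modifier) {
    return sp.sig == toy_sign(sp.ptr, modifier);
}

// Buggy pattern from the bug title: sign with allocationSize, authenticate
// (below) with sizeInBytes. Assumption: the 0-byte special path allocates
// 1 byte to get a non-null pointer, so the two sizes differ only there.
static SignedPtr buggy_allocate(size_t sizeInBytes) {
    size_t allocationSize = sizeInBytes == 0 ? 1 : sizeInBytes;
    void* p = malloc(allocationSize);
    SignedPtr sp = { p, toy_sign(p, allocationSize) };
    return sp;
}

// Fixed pattern: sign with the same value the consumer authenticates with.
static SignedPtr fixed_allocate(size_t sizeInBytes) {
    void* p = malloc(sizeInBytes == 0 ? 1 : sizeInBytes);
    SignedPtr sp = { p, toy_sign(p, sizeInBytes) };
    return sp;
}

// Each returns whether the data pointer authenticates with sizeInBytes.
bool buggy_authenticates(size_t sizeInBytes) {
    SignedPtr sp = buggy_allocate(sizeInBytes);
    bool ok = toy_authenticate(sp, sizeInBytes);
    free(sp.ptr);
    return ok;
}

bool fixed_authenticates(size_t sizeInBytes) {
    SignedPtr sp = fixed_allocate(sizeInBytes);
    bool ok = toy_authenticate(sp, sizeInBytes);
    free(sp.ptr);
    return ok;
}
```

For any non-zero size both variants authenticate; only the 0-byte request exposes the mismatch, which is exactly the case the report singles out.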
Comment 1 Yusuke Suzuki 2019-05-21 20:40:25 PDT
<rdar://problem/50754184>
Comment 2 Yusuke Suzuki 2019-05-21 20:45:58 PDT
Created attachment 370377 [details]
Patch

WIP, checking that this actually fixes the issue
Comment 3 Yusuke Suzuki 2019-05-22 02:42:20 PDT
Created attachment 370390 [details]
Patch
Comment 4 Michael Saboff 2019-05-22 08:59:05 PDT
Comment on attachment 370390 [details]
Patch

r=me
Comment 5 Yusuke Suzuki 2019-05-22 10:09:55 PDT
Comment on attachment 370390 [details]
Patch

Thanks!
Comment 6 WebKit Commit Bot 2019-05-22 10:21:26 PDT
Comment on attachment 370390 [details]
Patch

Clearing flags on attachment: 370390

Committed r245622: <https://trac.webkit.org/changeset/245622>
Comment 7 WebKit Commit Bot 2019-05-22 10:21:28 PDT
All reviewed patches have been landed. Closing bug.
Comment 8 Keith Miller 2019-05-22 10:22:54 PDT
Comment on attachment 370390 [details]
Patch

Whoops! That would do it...