Summary: JSArrayBufferView.h: Multiplication result converted to larger type: Multiplication result may overflow 'unsigned int' before it is converted to 'unsigned long'. static size_t sizeOf(uint32_t length, uint32_t elementSize) { return (length * elementSize + sizeof(EncodedJSValue) - 1) Multiplication result may overflow 'unsigned int' before it is converted to 'unsigned long'. & ~(sizeof(EncodedJSValue) - 1); } fix: cast length to size_t before multiplication.
<rdar://problem/58383286>
Created attachment 387122 [details] Patch
Comment on attachment 387122 [details] Patch Clearing flags on attachment: 387122 Committed r254218: <https://trac.webkit.org/changeset/254218>
All reviewed patches have been landed. Closing bug.