Bug 205945 - Instruction.h: Multiplication result converted to larger type
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=205945
Michael Saboff
Reported 2020-01-08 11:46:37 PST
Summary: Instruction.h: Multiplication result converted to larger type

Multiplication result may overflow 'unsigned int' before it is converted to 'unsigned long'.

    template<typename Traits = JSOpcodeTraits>
    size_t size() const
    {
        auto sizeShiftAmount = this->sizeShiftAmount<Traits>();
        auto prefixSize = sizeShiftAmount ? 1 : 0;
        auto operandSize = 1 << sizeShiftAmount;
        size_t sizeOfBytecode = 1;
        return sizeOfBytecode + (Traits::opcodeLengths[opcodeID<Traits>()] - 1) * operandSize + prefixSize;
        // Analyzer: Multiplication result may overflow 'unsigned int' before it is converted to 'unsigned long'.
    }

fix: Change operandSize to size_t.
Attachments
Patch (1.47 KB, patch)
2020-01-08 12:03 PST, Michael Saboff
mark.lam: review+
msaboff: commit-queue-
Patch to try and fix Microsoft warning. (1.45 KB, patch)
2020-01-08 13:38 PST, Michael Saboff
no flags
Patch (1.46 KB, patch)
2020-01-08 14:12 PST, Michael Saboff
no flags
Michael Saboff
Comment 1 2020-01-08 11:46:53 PST
Michael Saboff
Comment 2 2020-01-08 12:03:33 PST
Michael Saboff
Comment 3 2020-01-08 13:36:51 PST
Comment on attachment 387125 [details]
Patch

cq- to work through Microsoft warning as error.
Michael Saboff
Comment 4 2020-01-08 13:38:27 PST
Created attachment 387135 [details]
Patch to try and fix Microsoft warning.
Michael Saboff
Comment 5 2020-01-08 14:12:48 PST
Created attachment 387139 [details]
Patch

Another try to silence the Microsoft compiler.
Yusuke Suzuki
Comment 6 2020-01-08 15:02:01 PST
Comment on attachment 387139 [details]
Patch

Note that this is suppressing some of the alerts, but this old code never overflows since

1. operandSize is either 1, 2, or 4 (Bytecode's operand size)
2. Bytecode opcode size is statically defined and never overflows in the last line of this code.
Michael Saboff
Comment 7 2020-01-08 16:52:32 PST
(In reply to Yusuke Suzuki from comment #6)
> Comment on attachment 387139 [details]
> Patch
>
> Note that this is suppressing some of alerts, but this old code never gets
> overflow since
>
> 1. operandSize is either of 1, 2, or 4 (Bytecode's operand size)
> 2. Bytecode opcode size is statically defined and never gets overflow in the
> last line of this code.

Agreed.
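As an added illustration of the warning class discussed in the report and in comment 6 (constructed example, not WebKit code and not any of this bug's patches): a stand-in for Instruction::size() in its pre-fix and fixed shapes, where opcodeLength replaces Traits::opcodeLengths[opcodeID<Traits>()] and sizeShiftAmount replaces sizeShiftAmount<Traits>(). The two only diverge on an out-of-range opcode length that real bytecode never produces, which is exactly why the analyzer flags the pattern while the code was never actually at risk.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed model of Instruction::size() (not WebKit's code). opcodeLength
// stands for Traits::opcodeLengths[opcodeID<Traits>()] (an unsigned count that
// includes the opcode slot itself); sizeShiftAmount is 0, 1 or 2 for 1-, 2- or
// 4-byte operands, as in the bytecode's narrow/wide16/wide32 forms.

// Pre-fix shape: `1 << sizeShiftAmount` deduces int, so the product
// (opcodeLength - 1) * operandSize is evaluated in 32-bit unsigned arithmetic
// and only afterwards widened to size_t. This is what the analyzer reports as
// "Multiplication result converted to larger type".
size_t sizeBeforeFix(unsigned opcodeLength, unsigned sizeShiftAmount) {
    auto prefixSize = sizeShiftAmount ? 1 : 0;
    auto operandSize = 1 << sizeShiftAmount;   // int
    size_t sizeOfBytecode = 1;
    return sizeOfBytecode + (opcodeLength - 1) * operandSize + prefixSize;
}

// Fixed shape ("Change operandSize to size_t"): the multiplication now happens
// at the wider type, so nothing can wrap before the conversion.
size_t sizeAfterFix(unsigned opcodeLength, unsigned sizeShiftAmount) {
    auto prefixSize = sizeShiftAmount ? 1 : 0;
    size_t operandSize = static_cast<size_t>(1) << sizeShiftAmount;
    size_t sizeOfBytecode = 1;
    return sizeOfBytecode + (opcodeLength - 1) * operandSize + prefixSize;
}

// True when the narrow multiplication wrapped for this input. On a target
// where sizeof(size_t) == sizeof(unsigned) both formulations are identical.
bool narrowMultiplyWrapped(unsigned opcodeLength, unsigned sizeShiftAmount) {
    return sizeBeforeFix(opcodeLength, sizeShiftAmount)
        != sizeAfterFix(opcodeLength, sizeShiftAmount);
}

int main() {
    // A realistic wide32 opcode with four operands: both agree (18 bytes).
    std::printf("len=5 shift=2: before=%zu after=%zu\n",
                sizeBeforeFix(5, 2), sizeAfterFix(5, 2));
    // Constructed out-of-range length, never produced by real bytecode:
    // (0x40000000 * 4) wraps to 0 in 32-bit arithmetic before widening.
    unsigned huge = 0x40000001u;
    std::printf("len=0x40000001 shift=2: before=%zu after=%zu wrapped=%d\n",
                sizeBeforeFix(huge, 2), sizeAfterFix(huge, 2),
                narrowMultiplyWrapped(huge, 2));
    return 0;
}
```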
WebKit Commit Bot
Comment 8 2020-01-08 18:04:27 PST
Comment on attachment 387139 [details]
Patch

Clearing flags on attachment: 387139

Committed r254244: <https://trac.webkit.org/changeset/254244>
WebKit Commit Bot
Comment 9 2020-01-08 18:04:29 PST
All reviewed patches have been landed. Closing bug.