Bug 209131 - RESOLVED FIXED
Don't allocate a buffer with the decoded size without ensuring bufferIsLargeEnoughToContain(size)
https://bugs.webkit.org/show_bug.cgi?id=209131
Fujii Hironori
Reported 2020-03-15 23:23:34 PDT
(In reply to Darin Adler from bug #207324 comment #5)
> I see the same mistake in:
>
> 1) decodeCFData in CertificateInfo.h
> 2) AuthenticatorResponseData::decode where it also uses ArrayBuffer::create
>    but should be using ArrayBuffer::tryCreate
> 3) SerializedScriptValue::decode
> 4) decodeSharedBuffer and decodeTypesAndData in WebCoreArgumentCoders.cpp
>
> We need someone to fix all of those. May not be as easy to write tests for
> those.

Let's fix them.
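The pattern the report describes, shown as an added example rather than WebKit's own code: a minimal length-prefixed decoder in which the decoded size is checked against the bytes actually remaining in the message before any buffer is allocated, and the allocation itself is fallible (the role ArrayBuffer::tryCreate plays in WebKit). The class name Decoder, the methods bufferIsLargeEnoughToContain and decodeBlob, and the wire format (a host-order 64-bit length followed by the payload) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
#include <optional>
#include <vector>

// Added example, not WebKit's own code. Decoder, bufferIsLargeEnoughToContain
// and decodeBlob are assumed names standing in for the IPC decoder the bug
// discusses; the wire format (u64 host-order length, then payload) is made up.
class Decoder {
public:
    Decoder(const uint8_t* data, size_t length) : m_data(data), m_length(length) {}

    // The guard this bug is about: true only when `size` bytes are still
    // unread, so a length field can never exceed what the message carries.
    bool bufferIsLargeEnoughToContain(uint64_t size) const {
        return size <= m_length - m_position;
    }

    bool decodeUInt64(uint64_t& value) {
        if (!bufferIsLargeEnoughToContain(sizeof value))
            return false;
        std::memcpy(&value, m_data + m_position, sizeof value);
        m_position += sizeof value;
        return true;
    }

    // Length-prefixed blob. The wrong ordering in the bug was: decode size,
    // allocate `size` bytes with an infallible allocator, then copy. Here the
    // size is validated against the remaining bytes *before* any allocation,
    // and the allocation is fallible, so a corrupt or hostile length turns
    // into a clean decode failure instead of a huge allocation or over-read.
    std::optional<std::vector<uint8_t>> decodeBlob() {
        uint64_t size = 0;
        if (!decodeUInt64(size))
            return std::nullopt;
        if (!bufferIsLargeEnoughToContain(size))
            return std::nullopt; // claimed size exceeds bytes actually present
        std::vector<uint8_t> buffer;
        try {
            buffer.resize(static_cast<size_t>(size));
        } catch (const std::bad_alloc&) {
            return std::nullopt; // allocation failed: fail the decode, don't crash
        }
        if (!buffer.empty())
            std::memcpy(buffer.data(), m_data + m_position, buffer.size());
        m_position += buffer.size();
        return buffer;
    }

    size_t position() const { return m_position; }

private:
    const uint8_t* m_data;
    size_t m_length;
    size_t m_position = 0;
};

// Test helper: build a constructed message with a given length field and payload.
// The length field is deliberately independent of payload.size() so that a
// mismatched claim can be exercised.
std::vector<uint8_t> makeMessage(uint64_t claimedSize, const std::vector<uint8_t>& payload) {
    std::vector<uint8_t> message(sizeof claimedSize);
    std::memcpy(message.data(), &claimedSize, sizeof claimedSize);
    message.insert(message.end(), payload.begin(), payload.end());
    return message;
}

// True when decoding succeeds and yields exactly `expected`.
bool decodesTo(const std::vector<uint8_t>& message, const std::vector<uint8_t>& expected) {
    Decoder decoder(message.data(), message.size());
    auto blob = decoder.decodeBlob();
    return blob && *blob == expected;
}

// True when the decoder rejects the message without allocating a payload buffer.
bool decodeFails(const std::vector<uint8_t>& message) {
    Decoder decoder(message.data(), message.size());
    return !decoder.decodeBlob().has_value();
}
```

The order of the two checks matters: validating the size against the remaining bytes first means the allocation can never be larger than the message that was actually received, which bounds memory use by the IPC message size; the fallible allocation then covers the case where even a legitimate size cannot be satisfied.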
Brent Fulgham
Comment 1 2022-06-30 17:03:17 PDT
All subtasks are complete. Closing!