Bug 209132 - SerializedScriptValue::decode should check bufferIsLargeEnoughToContain before allocating a buffer
Summary: SerializedScriptValue::decode should check bufferIsLargeEnoughToContain befor...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Bindings (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Fujii Hironori
URL:
Keywords: InRadar
Depends on:
Blocks: 209131
  Show dependency treegraph
 
Reported: 2020-03-16 00:45 PDT by Fujii Hironori
Modified: 2020-03-17 17:32 PDT (History)
7 users (show)

See Also:


Attachments
Patch (1.79 KB, patch)
2020-03-16 00:50 PDT, Fujii Hironori
no flags Details | Formatted Diff | Diff
Patch (1.77 KB, patch)
2020-03-16 17:23 PDT, Fujii Hironori
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Fujii Hironori 2020-03-16 00:45:35 PDT
SerializedScriptValue::decode should check bufferIsLargeEnoughToContain

This is a sub-task of Bug 209131.
Bug 209131 – Don't allocate a buffer with the decoded size without ensuring bufferIsLargeEnoughToContain(size)
Comment 1 Fujii Hironori 2020-03-16 00:50:10 PDT
Created attachment 393634 [details]
Patch
Comment 2 Fujii Hironori 2020-03-16 17:23:18 PDT
Created attachment 393714 [details]
Patch
Comment 3 Darin Adler 2020-03-17 15:38:17 PDT
Comment on attachment 393714 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393714&action=review

> Source/WebCore/ChangeLog:8
> +        I have no new tests.

The idea here is to state *why* there are no tests. Otherwise please just leave this line out.
Comment 4 Fujii Hironori 2020-03-17 17:31:25 PDT
Committed r258614: <https://trac.webkit.org/changeset/258614>
Comment 5 Radar WebKit Bug Importer 2020-03-17 17:32:12 PDT
<rdar://problem/60562941>