It seems that it needs to add an overflow check and ASSERT to remove the gcc warning below. warning: ‘void* memcpy(void*, const void*, size_t)’ specified bound 18446744073709551614 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
Created attachment 415616 [details] Patch
Comment on attachment 415616 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415616&action=review > Source/WebCore/Modules/mediastream/H264Utils.cpp:138 > + if (spsPpsLength > std::numeric_limits<size_t>::max() - 2) { > + ASSERT_NOT_REACHED(); > + return { }; > + } Vector::resize will call CRASH if the size is too large. This instead returns an empty buffer. I don’t think there’s a good reason to be inconsistent about this. So this should just be CRASH(). An alternate way to do this would be to use checked arithmetic. CheckedSize exists for cases like this. That fix would be below. > Source/WebCore/Modules/mediastream/H264Utils.cpp:141 > buffer.resize(spsPpsLength + 2); Could do this instead: buffer.grow((CheckedSize(spsPpsLength) + 2).unsafeGet()); Using unsafeGet gives us the same crash behavior as Vector::resize. Using Vector::grow instead of Vector::resize is the best practice when starting with a new vector, skips unneeded logic for shrinking the buffer. Doing it this way has the advantage of tying the check directly to the arithmetic instead of having to make sure the preflight matches the arithmetic below.
This file and the statement caused the build warning no longer exist, so the build warning was removed.