223694 – Address undefined behavior found by UBSan in StringToIntegerConversion.h

RESOLVED FIXED 223694

Address undefined behavior found by UBSan in StringToIntegerConversion.h

https://bugs.webkit.org/show_bug.cgi?id=223694

Summary Address undefined behavior found by UBSan in StringToIntegerConversion.h

Chris Dumez

Reported 2021-03-24 09:13:17 PDT

Address undefined behavior found by UBSan in StringToIntegerConversion.h: - wtf/text/StringToIntegerConversion.h:94:30: runtime error: signed integer overflow: 2147483640 + 8 cannot be represented in type 'int' - wtf/text/StringToIntegerConversion.h:104:17: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself

Attachments
Patch (5.52 KB, patch) 2021-03-24 09:37 PDT, Chris Dumez	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2021-03-24 09:37:01 PDT

Created attachment 424142 [details] Patch

Geoffrey Garen

Comment 2 2021-03-24 12:02:30 PDT

Comment on attachment 424142 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=424142&action=review r=me > Source/WTF/wtf/text/StringToIntegerConversion.h:54 > + Checked<IntegralType, RecordOverflow> value = 0; No need for = 0 anymore here.

Chris Dumez

Comment 3 2021-03-24 12:30:43 PDT

Committed r274959 (235712@main): <https://commits.webkit.org/235712@main>

Radar WebKit Bug Importer

Comment 4 2021-03-24 12:31:32 PDT

<rdar://problem/75799204>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Web Template Framework

Assignee

Chris Dumez

Reported

2021-03-24 09:13 PDT

Modified

2021-03-24 12:31 PDT History

CC List

7 users Show

URL

Keywords InRadar

Depends on

Blocks