That change didn't get serialization quite right. ModifyHeadersAction::serializedLength should've returned deserializeLength(span, sizeof(uint32_t)) + sizeof(uint32_t) but to make that serializedLength more consistent with the other serializedLength methods I just make the serialization start with the total serialized length. Also fix a possible out-of-bounds read.
Pull request: https://github.com/WebKit/WebKit/pull/5279
Committed 255419@main (bdd355ff73a9): <https://commits.webkit.org/255419@main> Reviewed commits have been landed. Closing PR #5279 and removing active labels.
<rdar://problem/101066138>
*** Bug 246286 has been marked as a duplicate of this bug. ***