WebKit Bugzilla
RESOLVED FIXED
43369
WebBackForwardList::forwardListAsImmutableArrayWithLimit can return partly-uninitialized array
https://bugs.webkit.org/show_bug.cgi?id=43369
John Sullivan, Reported 2010-08-02 11:20:36 PDT

WebBackForwardList::forwardListAsImmutableArrayWithLimit() has incorrect math that can result in it returning an array that is only partly (or not at all) filled in. The offending line is this one:

    unsigned last = std::min(m_current + limit, static_cast<unsigned>(m_entries.size() - 1));

If m_current + limit is larger than numeric_limits<unsigned>::max(), this expression will return the wrong value, and the subsequent for loop can skip filling in data for some array slots.
Attachments
Compute "last" a simpler way that doesn't have overflow potential. (1.38 KB, patch), 2010-08-02 11:23 PDT, John Sullivan; adachan: review+
John Sullivan, Comment 1, 2010-08-02 11:23:24 PDT
Created attachment 63242: Compute "last" a simpler way that doesn't have overflow potential.
John Sullivan, Comment 2, 2010-08-02 11:41:45 PDT
Fixed in http://trac.webkit.org/changeset/64480
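
Added example (not WebKit's code and not the attached patch): a stand-alone model of the arithmetic in the report, showing the wrapped value of "last" next to an overflow-free way to compute it. The function names, the assumed loop shape (i = current + 1; i <= last) and the sample values are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <limits>

// Hypothetical model: the list holds `entries` items, `current` is a valid
// index into it, and the caller asks for up to `limit` items after `current`.

// Number of items that exist after `current` (0 for an empty list).
unsigned forwardCount(std::size_t entries, unsigned current)
{
    return entries ? static_cast<unsigned>(entries - 1) - current : 0;
}

// The expression from the report. Unsigned addition wraps modulo UINT_MAX + 1,
// so a large `limit` makes `current + limit` small and std::min selects it.
unsigned lastWrapping(std::size_t entries, unsigned current, unsigned limit)
{
    return std::min(current + limit, static_cast<unsigned>(entries - 1));
}

// Overflow-free form: clamp the count first, then add. The sum is at most
// entries - 1, so it cannot wrap.
unsigned lastClamped(std::size_t entries, unsigned current, unsigned limit)
{
    return current + std::min(forwardCount(entries, current), limit);
}

// Slots written by an assumed loop `for (i = current + 1; i <= last; ++i)`.
unsigned slotsFilled(unsigned current, unsigned last)
{
    return last > current ? last - current : 0;
}

int main()
{
    // Constructed sample: 10 entries, current index 3, caller passes UINT_MAX.
    const unsigned limit = std::numeric_limits<unsigned>::max();
    const unsigned allocated = std::min(forwardCount(10, 3), limit);
    std::printf("allocated=%u wrapping fills %u, clamped fills %u\n", allocated,
                slotsFilled(3, lastWrapping(10, 3, limit)),
                slotsFilled(3, lastClamped(10, 3, limit)));
    return 0;
}
```

With the constructed input, six slots are allocated; the wrapping form leaves all of them unwritten, while the clamped form writes all six.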