Bug 209132

Summary: SerializedScriptValue::decode should check bufferIsLargeEnoughToContain before allocating a buffer
Product: WebKit
Component: Bindings
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Fujii Hironori <fujii.hironori>
Assignee: Fujii Hironori <fujii.hironori>
CC: alecflett, beidson, cdumez, darin, ews-watchlist, jsbell, webkit-bug-importer
Keywords: InRadar
Bug Depends on:
Bug Blocks: 209131
Attachments:
Description    Flags
Patch          none
Patch          darin: review+

Fujii Hironori
Reported 2020-03-16 00:45:35 PDT
SerializedScriptValue::decode should check bufferIsLargeEnoughToContain

This is a sub-task of Bug 209131.
Bug 209131 – Don't allocate a buffer with the decoded size without ensuring bufferIsLargeEnoughToContain(size)
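
The check the summary asks for, shown as an added C++ example that is not part of the bug report or of WebKit's source: a reader over an untrusted buffer validates a declared element count against the bytes remaining before it allocates. `Reader`, `readArray`, `decodedCount`, the sample bytes and the wire format are assumptions for illustration; only the name `bufferIsLargeEnoughToContain` comes from the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical reader over an untrusted serialized buffer (not WebKit's class).
class Reader {
public:
    Reader(const uint8_t* data, size_t length) : m_ptr(data), m_end(data + length) { }

    // True only if `count` elements of T fit in the bytes not yet consumed.
    // Dividing the remaining size avoids overflow in count * sizeof(T).
    template<typename T> bool bufferIsLargeEnoughToContain(uint64_t count) const
    {
        return count <= static_cast<uint64_t>(m_end - m_ptr) / sizeof(T);
    }

    // Decodes a little-endian uint32_t count followed by that many
    // little-endian uint16_t elements. The declared count is checked against
    // the remaining input before the output vector is allocated.
    bool readArray(std::vector<uint16_t>& out)
    {
        if (!bufferIsLargeEnoughToContain<uint32_t>(1))
            return false;
        uint32_t count = m_ptr[0] | (m_ptr[1] << 8) | (m_ptr[2] << 16) | (uint32_t(m_ptr[3]) << 24);
        m_ptr += 4;
        if (!bufferIsLargeEnoughToContain<uint16_t>(count))
            return false; // reject before allocating
        out.resize(count);
        for (uint32_t i = 0; i < count; ++i, m_ptr += 2)
            out[i] = static_cast<uint16_t>(m_ptr[0] | (m_ptr[1] << 8));
        return true;
    }

private:
    const uint8_t* m_ptr;
    const uint8_t* m_end;
};

// Constructed samples: count 2 with two elements; count 0xFFFFFFFF with one.
const uint8_t kValid[] = { 2, 0, 0, 0, 0x41, 0, 0x42, 0 };
const uint8_t kTruncated[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0x41, 0 };

// Returns the decoded element count, or -1 if the input is rejected.
long decodedCount(const uint8_t* data, size_t length)
{
    std::vector<uint16_t> values;
    return Reader(data, length).readArray(values) ? static_cast<long>(values.size()) : -1;
}
```

Without the second check, the 0xFFFFFFFF prefix in `kTruncated` would drive an allocation of roughly 8 GiB from a six-byte input.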
Attachments
Patch (1.79 KB, patch)
2020-03-16 00:50 PDT, Fujii Hironori
no flags
Patch (1.77 KB, patch)
2020-03-16 17:23 PDT, Fujii Hironori
darin: review+
Fujii Hironori
Comment 1 2020-03-16 00:50:10 PDT
Fujii Hironori
Comment 2 2020-03-16 17:23:18 PDT
Darin Adler
Comment 3 2020-03-17 15:38:17 PDT
Comment on attachment 393714
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393714&action=review

> Source/WebCore/ChangeLog:8
> + I have no new tests.

The idea here is to state *why* there are no tests. Otherwise please just leave this line out.
Fujii Hironori
Comment 4 2020-03-17 17:31:25 PDT
Radar WebKit Bug Importer
Comment 5 2020-03-17 17:32:12 PDT