Bug 209132 - SerializedScriptValue::decode should check bufferIsLargeEnoughToContain before allocating a buffer
Summary: SerializedScriptValue::decode should check bufferIsLargeEnoughToContain befor...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Bindings (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Fujii Hironori
URL:
Keywords: InRadar
Depends on:
Blocks: 209131
  Show dependency treegraph
 
Reported: 2020-03-16 00:45 PDT by Fujii Hironori
Modified: 2020-03-17 17:32 PDT (History)
7 users (show)

See Also:

Attachments
Patch (1.79 KB, patch)
2020-03-16 00:50 PDT, Fujii Hironori 		no flags Details | Formatted Diff | Diff
Patch (1.77 KB, patch)
2020-03-16 17:23 PDT, Fujii Hironori 		darin: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Fujii Hironori 2020-03-16 00:45:35 PDT 
SerializedScriptValue::decode should check bufferIsLargeEnoughToContain

This is a sub-task of Bug 209131.
Bug 209131 – Don't allocate a buffer with the decoded size without ensuring bufferIsLargeEnoughToContain(size)
Comment 1 Fujii Hironori 2020-03-16 00:50:10 PDT 
Created attachment 393634 [details]
Patch
Comment 2 Fujii Hironori 2020-03-16 17:23:18 PDT 
Created attachment 393714 [details]
Patch
Comment 3 Darin Adler 2020-03-17 15:38:17 PDT 
Comment on attachment 393714 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393714&action=review

> Source/WebCore/ChangeLog:8
> +        I have no new tests.

The idea here is to state *why* there are no tests. Otherwise please just leave this line out.
Comment 4 Fujii Hironori 2020-03-17 17:31:25 PDT 
Committed r258614: <https://trac.webkit.org/changeset/258614>
Comment 5 Radar WebKit Bug Importer 2020-03-17 17:32:12 PDT 
<rdar://problem/60562941>