188571 2018-08-14 11:52:05 -0700 [YARR] Align allocation size in BumpPointerAllocator with sizeof(void*) 2018-08-16 02:42:22 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ysuzuki ysuzuki don.olmstead keith_miller mark.lam msaboff saam webkit-bug-importer oldest_to_newest 1450049 0 ysuzuki 2018-08-14 11:52:05 -0700 [YARR] Align allocation size in BumpPointerAllocator with sizeof(void*) 1450052 1 347100 ysuzuki 2018-08-14 11:55:08 -0700 Created attachment 347100 Patch 1450473 2 347100 saam 2018-08-15 14:33:22 -0700 Comment on attachment 347100 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=347100&action=review > Source/JavaScriptCore/yarr/YarrInterpreter.cpp:77 > + static size_t allocationSize(size_t numberOfFrames) Should we be worried about overflow here? > Source/JavaScriptCore/yarr/YarrInterpreter.cpp:133 > + static size_t allocationSize(size_t numberOfSubpatterns) Ditto 1450638 3 347100 ysuzuki 2018-08-16 02:36:19 -0700 Comment on attachment 347100 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=347100&action=review Thank you! >> Source/JavaScriptCore/yarr/YarrInterpreter.cpp:77 >> + static size_t allocationSize(size_t numberOfFrames) > > Should we be worried about overflow here? Use Checked<> here. >> Source/JavaScriptCore/yarr/YarrInterpreter.cpp:133 >> + static size_t allocationSize(size_t numberOfSubpatterns) > > Ditto Fixed by using Checked<> 1450640 4 ysuzuki 2018-08-16 02:41:42 -0700 Committed r234916: <https://trac.webkit.org/changeset/234916> 1450641 5 webkit-bug-importer 2018-08-16 02:42:22 -0700 <rdar://problem/43373238> 347100 2018-08-14 11:55:08 -0700 2018-08-15 14:33:22 -0700 Patch bug-188571-20180815035507.patch text/plain 6131 ysuzuki U3VidmVyc2lvbiBSZXZpc2lvbjogMjM0ODU3CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCA3 MTEyZDE1NjQ4NmE2OThkZTg1NjYxNzMwNWQ5ZDkzNGM3OTFmOTRlLi42NmQwZGQxN2E2MzcxZDQy MTJkMGVkNDZhMjc2M2NiNGRhNWJhYjFiIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwyOCBAQAorMjAxOC0wOC0xNCAgWXVzdWtlIFN1enVraSAgPHl1c3VrZXN1enVraUBzbG93 c3RhcnQub3JnPgorCisgICAgICAgIFtZQVJSXSBBbGlnbiBhbGxvY2F0aW9uIHNpemUgaW4gQnVt cFBvaW50ZXJBbGxvY2F0b3Igd2l0aCBzaXplb2Yodm9pZCopCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xODg1NzEKKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBVQlNhbiBmaW5kcyBZYXJySW50ZXJwcmV0ZXIg cGVyZm9ybXMgbWlzYWxpZ25lZCBhY2Nlc3Nlcy4gVGhpcyBpcyBiZWNhdXNlIFlhcnJJbnRlcnBy ZXRlcgorICAgICAgICBhbGxvY2F0ZXMgRGlzanVuY3Rpb25Db250ZXh0IGFuZCBQYXJlbnRoZXNl c0Rpc2p1bmN0aW9uQ29udGV4dCBmcm9tIEJ1bXBQb2ludGVyQWxsb2NhdG9yCisgICAgICAgIHdp dGhvdXQgY29uc2lkZXJpbmcgYWxpZ25tZW50IG9mIHRoZW0uIFRoaXMgcGF0Y2ggYWRkcyBEaXNq dW5jdGlvbkNvbnRleHQ6OmFsbG9jYXRpb25TaXplCisgICAgICAgIGFuZCBQYXJlbnRoZXNlc0Rp c2p1bmN0aW9uQ29udGV4dDo6YWxsb2NhdGlvblNpemUgdG8gY2FsY3VsYXRlIGFsbG9jYXRpb24g c2l6ZXMgZm9yIHRoZW0uCisgICAgICAgIFRoZSBzaXplIGlzIGFsd2F5cyByb3VuZGVkIHRvIGBz aXplb2Yodm9pZCopYCBzbyB0aGF0IHRoZXNlIGNsYXNzZXMgYXJlIGFsd2F5cyBhbGxvY2F0ZWQK KyAgICAgICAgd2l0aCBgc2l6ZW9mKHZvaWQqKWAgYWxpZ25tZW50LiBXZSBhbHNvIGVuc3VyZSB0 aGUgYWxpZ25tZW50cyBvZiBib3RoIGNsYXNzZXMgYXJlIGxlc3MKKyAgICAgICAgdGhhbiBvciBl cXVhbCB0byBgc2l6ZW9mKHZvaWQqKWAgYnkgYHN0YXRpY19hc3NlcnRgLgorCisgICAgICAgICog eWFyci9ZYXJySW50ZXJwcmV0ZXIuY3BwOgorICAgICAgICAoSlNDOjpZYXJyOjpJbnRlcnByZXRl cjo6RGlzanVuY3Rpb25Db250ZXh0OjphbGxvY2F0aW9uU2l6ZSk6CisgICAgICAgIChKU0M6Ollh cnI6OkludGVycHJldGVyOjphbGxvY0Rpc2p1bmN0aW9uQ29udGV4dCk6CisgICAgICAgIChKU0M6 OllhcnI6OkludGVycHJldGVyOjpQYXJlbnRoZXNlc0Rpc2p1bmN0aW9uQ29udGV4dDo6UGFyZW50 aGVzZXNEaXNqdW5jdGlvbkNvbnRleHQpOgorICAgICAgICAoSlNDOjpZYXJyOjpJbnRlcnByZXRl cjo6UGFyZW50aGVzZXNEaXNqdW5jdGlvbkNvbnRleHQ6OmdldERpc2p1bmN0aW9uQ29udGV4dCk6 CisgICAgICAgIChKU0M6OllhcnI6OkludGVycHJldGVyOjpQYXJlbnRoZXNlc0Rpc2p1bmN0aW9u Q29udGV4dDo6YWxsb2NhdGlvblNpemUpOgorICAgICAgICAoSlNDOjpZYXJyOjpJbnRlcnByZXRl cjo6YWxsb2NQYXJlbnRoZXNlc0Rpc2p1bmN0aW9uQ29udGV4dCk6CisgICAgICAgIChKU0M6Ollh cnI6OkludGVycHJldGVyOjpJbnRlcnByZXRlcik6CisgICAgICAgIChKU0M6OllhcnI6OkludGVy cHJldGVyOjpEaXNqdW5jdGlvbkNvbnRleHQ6OkRpc2p1bmN0aW9uQ29udGV4dCk6IERlbGV0ZWQu CisKIDIwMTgtMDgtMTQgIFl1c3VrZSBTdXp1a2kgIDx5dXN1a2VzdXp1a2lAc2xvd3N0YXJ0Lm9y Zz4KIAogICAgICAgICBbSlNDXSBHZXRCeUlkU3RhdHVzOjptX3dhc1NlZW5JbkpJVCBpcyB0b3Vj aGVkIGluIEdldEJ5SWRTdGF0dXM6OnNsb3dWZXJzaW9uCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2 YVNjcmlwdENvcmUveWFyci9ZYXJySW50ZXJwcmV0ZXIuY3BwIGIvU291cmNlL0phdmFTY3JpcHRD b3JlL3lhcnIvWWFyckludGVycHJldGVyLmNwcAppbmRleCBkNmNiODBkZWJiMDBiYzMwMGI3YjU2 ZWJjODc3YjUyZjNjNDM5YmVkLi5lNmU4YjZlMTJiNjkwOWJlOWI5MGVjNjE4ZmYwMzI3MDBjZWQz NDA1IDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUveWFyci9ZYXJySW50ZXJwcmV0 ZXIuY3BwCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS95YXJyL1lhcnJJbnRlcnByZXRlci5j cHAKQEAgLTY3LDE3ICs2NywyMCBAQCBjbGFzcyBJbnRlcnByZXRlciB7CiAKICAgICBzdHJ1Y3Qg RGlzanVuY3Rpb25Db250ZXh0CiAgICAgewotICAgICAgICBEaXNqdW5jdGlvbkNvbnRleHQoKQot ICAgICAgICAgICAgOiB0ZXJtKDApCi0gICAgICAgIHsKLSAgICAgICAgfQorICAgICAgICBEaXNq dW5jdGlvbkNvbnRleHQoKSA9IGRlZmF1bHQ7CiAKICAgICAgICAgdm9pZCogb3BlcmF0b3IgbmV3 KHNpemVfdCwgdm9pZCogd2hlcmUpCiAgICAgICAgIHsKICAgICAgICAgICAgIHJldHVybiB3aGVy ZTsKICAgICAgICAgfQogCi0gICAgICAgIGludCB0ZXJtOworICAgICAgICBzdGF0aWMgc2l6ZV90 IGFsbG9jYXRpb25TaXplKHNpemVfdCBudW1iZXJPZkZyYW1lcykKKyAgICAgICAgeworICAgICAg ICAgICAgc3RhdGljX2Fzc2VydChhbGlnbm9mKERpc2p1bmN0aW9uQ29udGV4dCkgPD0gc2l6ZW9m KHZvaWQqKSwgIiIpOworICAgICAgICAgICAgcmV0dXJuIHJvdW5kVXBUb011bHRpcGxlT2Y8c2l6 ZW9mKHZvaWQqKT4oc2l6ZW9mKERpc2p1bmN0aW9uQ29udGV4dCkgLSBzaXplb2YodWludHB0cl90 KSArIG51bWJlck9mRnJhbWVzICogc2l6ZW9mKHVpbnRwdHJfdCkpOworICAgICAgICB9CisKKyAg ICAgICAgaW50IHRlcm0geyAwIH07CiAgICAgICAgIHVuc2lnbmVkIG1hdGNoQmVnaW47CiAgICAg ICAgIHVuc2lnbmVkIG1hdGNoRW5kOwogICAgICAgICB1aW50cHRyX3QgZnJhbWVbMV07CkBAIC04 NSw3ICs4OCw3IEBAIGNsYXNzIEludGVycHJldGVyIHsKIAogICAgIERpc2p1bmN0aW9uQ29udGV4 dCogYWxsb2NEaXNqdW5jdGlvbkNvbnRleHQoQnl0ZURpc2p1bmN0aW9uKiBkaXNqdW5jdGlvbikK ICAgICB7Ci0gICAgICAgIHNpemVfdCBzaXplID0gc2l6ZW9mKERpc2p1bmN0aW9uQ29udGV4dCkg LSBzaXplb2YodWludHB0cl90KSArIGRpc2p1bmN0aW9uLT5tX2ZyYW1lU2l6ZSAqIHNpemVvZih1 aW50cHRyX3QpOworICAgICAgICBzaXplX3Qgc2l6ZSA9IERpc2p1bmN0aW9uQ29udGV4dDo6YWxs b2NhdGlvblNpemUoZGlzanVuY3Rpb24tPm1fZnJhbWVTaXplKTsKICAgICAgICAgYWxsb2NhdG9y UG9vbCA9IGFsbG9jYXRvclBvb2wtPmVuc3VyZUNhcGFjaXR5KHNpemUpOwogICAgICAgICBSRUxF QVNFX0FTU0VSVChhbGxvY2F0b3JQb29sKTsKICAgICAgICAgcmV0dXJuIG5ldyAoYWxsb2NhdG9y UG9vbC0+YWxsb2Moc2l6ZSkpIERpc2p1bmN0aW9uQ29udGV4dCgpOwpAQCAtOTksNyArMTAyLDYg QEAgY2xhc3MgSW50ZXJwcmV0ZXIgewogICAgIHN0cnVjdCBQYXJlbnRoZXNlc0Rpc2p1bmN0aW9u Q29udGV4dAogICAgIHsKICAgICAgICAgUGFyZW50aGVzZXNEaXNqdW5jdGlvbkNvbnRleHQodW5z aWduZWQqIG91dHB1dCwgQnl0ZVRlcm0mIHRlcm0pCi0gICAgICAgICAgICA6IG5leHQoMCkKICAg ICAgICAgewogICAgICAgICAgICAgdW5zaWduZWQgZmlyc3RTdWJwYXR0ZXJuSWQgPSB0ZXJtLmF0 b20uc3VicGF0dGVybklkOwogICAgICAgICAgICAgdW5zaWduZWQgbnVtTmVzdGVkU3VicGF0dGVy bnMgPSB0ZXJtLmF0b20ucGFyZW50aGVzZXNEaXNqdW5jdGlvbi0+bV9udW1TdWJwYXR0ZXJuczsK QEAgLTEyNSwxNiArMTI3LDIyIEBAIGNsYXNzIEludGVycHJldGVyIHsKIAogICAgICAgICBEaXNq dW5jdGlvbkNvbnRleHQqIGdldERpc2p1bmN0aW9uQ29udGV4dChCeXRlVGVybSYgdGVybSkKICAg ICAgICAgewotICAgICAgICAgICAgcmV0dXJuIHJlaW50ZXJwcmV0X2Nhc3Q8RGlzanVuY3Rpb25D b250ZXh0Kj4oJihzdWJwYXR0ZXJuQmFja3VwW3Rlcm0uYXRvbS5wYXJlbnRoZXNlc0Rpc2p1bmN0 aW9uLT5tX251bVN1YnBhdHRlcm5zIDw8IDFdKSk7CisgICAgICAgICAgICByZXR1cm4gYml0d2lz ZV9jYXN0PERpc2p1bmN0aW9uQ29udGV4dCo+KGJpdHdpc2VfY2FzdDx1aW50cHRyX3Q+KHRoaXMp ICsgYWxsb2NhdGlvblNpemUodGVybS5hdG9tLnBhcmVudGhlc2VzRGlzanVuY3Rpb24tPm1fbnVt U3VicGF0dGVybnMpKTsKKyAgICAgICAgfQorCisgICAgICAgIHN0YXRpYyBzaXplX3QgYWxsb2Nh dGlvblNpemUoc2l6ZV90IG51bWJlck9mU3VicGF0dGVybnMpCisgICAgICAgIHsKKyAgICAgICAg ICAgIHN0YXRpY19hc3NlcnQoYWxpZ25vZihQYXJlbnRoZXNlc0Rpc2p1bmN0aW9uQ29udGV4dCkg PD0gc2l6ZW9mKHZvaWQqKSwgIiIpOworICAgICAgICAgICAgcmV0dXJuIHJvdW5kVXBUb011bHRp cGxlT2Y8c2l6ZW9mKHZvaWQqKT4oc2l6ZW9mKFBhcmVudGhlc2VzRGlzanVuY3Rpb25Db250ZXh0 KSAtIHNpemVvZih1bnNpZ25lZCkgKyAobnVtYmVyT2ZTdWJwYXR0ZXJucyA8PCAxKSAqIHNpemVv Zih1bnNpZ25lZCkpOwogICAgICAgICB9CiAKLSAgICAgICAgUGFyZW50aGVzZXNEaXNqdW5jdGlv bkNvbnRleHQqIG5leHQ7CisgICAgICAgIFBhcmVudGhlc2VzRGlzanVuY3Rpb25Db250ZXh0KiBu ZXh0IHsgbnVsbHB0ciB9OwogICAgICAgICB1bnNpZ25lZCBzdWJwYXR0ZXJuQmFja3VwWzFdOwog ICAgIH07CiAKICAgICBQYXJlbnRoZXNlc0Rpc2p1bmN0aW9uQ29udGV4dCogYWxsb2NQYXJlbnRo ZXNlc0Rpc2p1bmN0aW9uQ29udGV4dChCeXRlRGlzanVuY3Rpb24qIGRpc2p1bmN0aW9uLCB1bnNp Z25lZCogb3V0cHV0LCBCeXRlVGVybSYgdGVybSkKICAgICB7Ci0gICAgICAgIHNpemVfdCBzaXpl ID0gc2l6ZW9mKFBhcmVudGhlc2VzRGlzanVuY3Rpb25Db250ZXh0KSAtIHNpemVvZih1bnNpZ25l ZCkgKyAodGVybS5hdG9tLnBhcmVudGhlc2VzRGlzanVuY3Rpb24tPm1fbnVtU3VicGF0dGVybnMg PDwgMSkgKiBzaXplb2YodW5zaWduZWQpICsgc2l6ZW9mKERpc2p1bmN0aW9uQ29udGV4dCkgLSBz aXplb2YodWludHB0cl90KSArIHN0YXRpY19jYXN0PHNpemVfdD4oZGlzanVuY3Rpb24tPm1fZnJh bWVTaXplKSAqIHNpemVvZih1aW50cHRyX3QpOworICAgICAgICBzaXplX3Qgc2l6ZSA9IFBhcmVu dGhlc2VzRGlzanVuY3Rpb25Db250ZXh0OjphbGxvY2F0aW9uU2l6ZSh0ZXJtLmF0b20ucGFyZW50 aGVzZXNEaXNqdW5jdGlvbi0+bV9udW1TdWJwYXR0ZXJucykgKyBEaXNqdW5jdGlvbkNvbnRleHQ6 OmFsbG9jYXRpb25TaXplKGRpc2p1bmN0aW9uLT5tX2ZyYW1lU2l6ZSk7CiAgICAgICAgIGFsbG9j YXRvclBvb2wgPSBhbGxvY2F0b3JQb29sLT5lbnN1cmVDYXBhY2l0eShzaXplKTsKICAgICAgICAg UkVMRUFTRV9BU1NFUlQoYWxsb2NhdG9yUG9vbCk7CiAgICAgICAgIHJldHVybiBuZXcgKGFsbG9j YXRvclBvb2wtPmFsbG9jKHNpemUpKSBQYXJlbnRoZXNlc0Rpc2p1bmN0aW9uQ29udGV4dChvdXRw dXQsIHRlcm0pOwpAQCAtMTYzMCw3ICsxNjM4LDYgQEAgY2xhc3MgSW50ZXJwcmV0ZXIgewogICAg ICAgICAsIHVuaWNvZGUocGF0dGVybi0+dW5pY29kZSgpKQogICAgICAgICAsIG91dHB1dChvdXRw dXQpCiAgICAgICAgICwgaW5wdXQoaW5wdXQsIHN0YXJ0LCBsZW5ndGgsIHBhdHRlcm4tPnVuaWNv ZGUoKSkKLSAgICAgICAgLCBhbGxvY2F0b3JQb29sKDApCiAgICAgICAgICwgc3RhcnRPZmZzZXQo c3RhcnQpCiAgICAgICAgICwgcmVtYWluaW5nTWF0Y2hDb3VudChtYXRjaExpbWl0KQogICAgIHsK QEAgLTE2NDEsNyArMTY0OCw3IEBAIGNsYXNzIEludGVycHJldGVyIHsKICAgICBib29sIHVuaWNv ZGU7CiAgICAgdW5zaWduZWQqIG91dHB1dDsKICAgICBJbnB1dFN0cmVhbSBpbnB1dDsKLSAgICBC dW1wUG9pbnRlclBvb2wqIGFsbG9jYXRvclBvb2w7CisgICAgQnVtcFBvaW50ZXJQb29sKiBhbGxv Y2F0b3JQb29sIHsgbnVsbHB0ciB9OwogICAgIHVuc2lnbmVkIHN0YXJ0T2Zmc2V0OwogICAgIHVu c2lnbmVkIHJlbWFpbmluZ01hdGNoQ291bnQ7CiB9Owo=