194877 2019-02-20 15:43:02 -0800 URL percent-encode operations should use checked arithmetic for buffer allocation length 2019-02-21 10:45:11 -0800 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 achristensen achristensen benjamin cdumez cmarcelo commit-queue dbates ews-watchlist thorton tsavell webkit-bug-importer oldest_to_newest 1508312 0 achristensen 2019-02-20 15:43:02 -0800 URL percent-encode operations should use checked arithmetic for buffer allocation length 1508314 1 362556 achristensen 2019-02-20 15:44:08 -0800 Created attachment 362556 Patch 1508315 2 achristensen 2019-02-20 15:44:12 -0800 <rdar://problem/48212062> 1508397 3 362556 commit-queue 2019-02-20 17:36:09 -0800 Comment on attachment 362556 Patch Clearing flags on attachment: 362556 Committed r241856: <https://trac.webkit.org/changeset/241856> 1508398 4 commit-queue 2019-02-20 17:36:11 -0800 All reviewed patches have been landed. Closing bug. 1508565 5 tsavell 2019-02-21 10:18:21 -0800 It looks like the changes in https://trac.webkit.org/changeset/241856/webkit most likely caused 5 API failures on Mac Log: https://build.webkit.org/builders/Apple%20High%20Sierra%20Release%20WK2%20%28Tests%29/builds/9628/steps/run-api-tests/logs/stdio build: https://build.webkit.org/builders/Apple%20High%20Sierra%20Release%20WK2%20%28Tests%29/builds/9628 1508574 6 tsavell 2019-02-21 10:45:11 -0800 These 5 API tests may be fallout from infrastructure downtime yesterday. 362556 2019-02-20 15:44:08 -0800 2019-02-20 17:36:09 -0800 Patch bug-194877-20190220154408.patch text/plain 2898 achristensen SW5kZXg6IFNvdXJjZS9XVEYvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XVEYvQ2hh bmdlTG9nCShyZXZpc2lvbiAyNDE4NDYpCisrKyBTb3VyY2UvV1RGL0NoYW5nZUxvZwkod29ya2lu ZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDE5LTAyLTIwICBBbGV4IENocmlzdGVuc2VuICA8 YWNocmlzdGVuc2VuQHdlYmtpdC5vcmc+CisKKyAgICAgICAgVVJMIHBlcmNlbnQtZW5jb2RlIG9w ZXJhdGlvbnMgc2hvdWxkIHVzZSBjaGVja2VkIGFyaXRobWV0aWMgZm9yIGJ1ZmZlciBhbGxvY2F0 aW9uIGxlbmd0aAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9MTk0ODc3CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS80ODIxMjA2Mj4KKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIHd0Zi9VUkxIZWxwZXJzLmNw cDoKKyAgICAgICAgKFdURjo6VVJMSGVscGVyczo6dXNlclZpc2libGVVUkwpOgorICAgICAgICAq IHd0Zi9jb2NvYS9OU1VSTEV4dHJhcy5tbToKKyAgICAgICAgKFdURjo6ZGF0YVdpdGhVc2VyVHlw ZWRTdHJpbmcpOgorCiAyMDE5LTAyLTIwICBBbmR5IEVzdGVzICA8YWVzdGVzQGFwcGxlLmNvbT4K IAogICAgICAgICBbWGNvZGVdIEFkZCBTREtWYXJpYW50LnhjY29uZmlnIHRvIHZhcmlvdXMgWGNv ZGUgcHJvamVjdHMKSW5kZXg6IFNvdXJjZS9XVEYvd3RmL1VSTEhlbHBlcnMuY3BwCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIFNvdXJjZS9XVEYvd3RmL1VSTEhlbHBlcnMuY3BwCShyZXZpc2lvbiAyNDE3NTMpCisr KyBTb3VyY2UvV1RGL3d0Zi9VUkxIZWxwZXJzLmNwcAkod29ya2luZyBjb3B5KQpAQCAtODA4LDkg KzgwOCwxMSBAQCBTdHJpbmcgdXNlclZpc2libGVVUkwoY29uc3QgQ1N0cmluZyYgdXJsCiAKICAg ICBib29sIG1heU5lZWRIb3N0TmFtZURlY29kaW5nID0gZmFsc2U7CiAKLSAgICAvLyBUaGUgYnVm ZmVyIHNob3VsZCBiZSBsYXJnZSBlbm91Z2ggdG8gJS1lc2NhcGUgZXZlcnkgY2hhcmFjdGVyLgot ICAgIGludCBidWZmZXJMZW5ndGggPSAobGVuZ3RoICogMykgKyAxOwotICAgIFZlY3RvcjxjaGFy LCB1cmxCeXRlc0J1ZmZlckxlbmd0aD4gYWZ0ZXIoYnVmZmVyTGVuZ3RoKTsKKyAgICBDaGVja2Vk PGludCwgUmVjb3JkT3ZlcmZsb3c+IGJ1ZmZlckxlbmd0aCA9IGxlbmd0aDsKKyAgICBidWZmZXJM ZW5ndGggPSBidWZmZXJMZW5ndGggKiAzICsgMTsgLy8gVGhlIGJ1ZmZlciBzaG91bGQgYmUgbGFy Z2UgZW5vdWdoIHRvICUtZXNjYXBlIGV2ZXJ5IGNoYXJhY3Rlci4KKyAgICBpZiAoYnVmZmVyTGVu Z3RoLmhhc092ZXJmbG93ZWQoKSkKKyAgICAgICAgcmV0dXJuIHsgfTsKKyAgICBWZWN0b3I8Y2hh ciwgdXJsQnl0ZXNCdWZmZXJMZW5ndGg+IGFmdGVyKGJ1ZmZlckxlbmd0aC51bnNhZmVHZXQoKSk7 CiAKICAgICBjaGFyKiBxID0gYWZ0ZXIuZGF0YSgpOwogICAgIHsKQEAgLTg1MCw3ICs4NTIsNyBA QCBTdHJpbmcgdXNlclZpc2libGVVUkwoY29uc3QgQ1N0cmluZyYgdXJsCiAgICAgICAgIC8vIHRo ZW4gd2Ugd2lsbCBjb3B5IGJhY2sgYnl0ZXMgdG8gdGhlIHN0YXJ0IG9mIHRoZSBidWZmZXIgCiAg ICAgICAgIC8vIGFzIHdlIGNvbnZlcnQuCiAgICAgICAgIGludCBhZnRlcmxlbmd0aCA9IHEgLSBh ZnRlci5kYXRhKCk7Ci0gICAgICAgIGNoYXIqIHAgPSBhZnRlci5kYXRhKCkgKyBidWZmZXJMZW5n dGggLSBhZnRlcmxlbmd0aCAtIDE7CisgICAgICAgIGNoYXIqIHAgPSBhZnRlci5kYXRhKCkgKyBi dWZmZXJMZW5ndGgudW5zYWZlR2V0KCkgLSBhZnRlcmxlbmd0aCAtIDE7CiAgICAgICAgIG1lbW1v dmUocCwgYWZ0ZXIuZGF0YSgpLCBhZnRlcmxlbmd0aCArIDEpOyAvLyBjb3BpZXMgdHJhaWxpbmcg J1wwJwogICAgICAgICBjaGFyKiBxID0gYWZ0ZXIuZGF0YSgpOwogICAgICAgICB3aGlsZSAoKnAp IHsKSW5kZXg6IFNvdXJjZS9XVEYvd3RmL2NvY29hL05TVVJMRXh0cmFzLm1tCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFNvdXJjZS9XVEYvd3RmL2NvY29hL05TVVJMRXh0cmFzLm1tCShyZXZpc2lvbiAyNDE3NTMp CisrKyBTb3VyY2UvV1RGL3d0Zi9jb2NvYS9OU1VSTEV4dHJhcy5tbQkod29ya2luZyBjb3B5KQpA QCAtMTk0LDggKzE5NCwxMyBAQCBzdGF0aWMgTlNEYXRhICpkYXRhV2l0aFVzZXJUeXBlZFN0cmlu ZyhOCiAgICAgaW50IGluTGVuZ3RoID0gW3VzZXJUeXBlZERhdGEgbGVuZ3RoXTsKICAgICBpZiAo IWluTGVuZ3RoKQogICAgICAgICByZXR1cm4gbmlsOworCisgICAgQ2hlY2tlZDxpbnQsIFJlY29y ZE92ZXJmbG93PiBtYWxsb2NMZW5ndGggPSBpbkxlbmd0aDsKKyAgICBtYWxsb2NMZW5ndGggKj0g MzsgLy8gbGFyZ2UgZW5vdWdoIHRvICUtZXNjYXBlIGV2ZXJ5IGNoYXJhY3RlcgorICAgIGlmICht YWxsb2NMZW5ndGguaGFzT3ZlcmZsb3dlZCgpKQorICAgICAgICByZXR1cm4gbmlsOwogICAgIAot ICAgIGNoYXIqIG91dEJ5dGVzID0gc3RhdGljX2Nhc3Q8Y2hhciAqPihtYWxsb2MoaW5MZW5ndGgg KiAzKSk7IC8vIGxhcmdlIGVub3VnaCB0byAlLWVzY2FwZSBldmVyeSBjaGFyYWN0ZXIKKyAgICBj aGFyKiBvdXRCeXRlcyA9IHN0YXRpY19jYXN0PGNoYXIgKj4obWFsbG9jKG1hbGxvY0xlbmd0aC51 bnNhZmVHZXQoKSkpOwogICAgIGNoYXIqIHAgPSBvdXRCeXRlczsKICAgICBpbnQgb3V0TGVuZ3Ro ID0gMDsKICAgICBmb3IgKGludCBpID0gMDsgaSA8IGluTGVuZ3RoOyBpKyspIHsK