Bug 188571

Summary: [YARR] Align allocation size in BumpPointerAllocator with sizeof(void*)
Product: WebKit
Reporter: Yusuke Suzuki <ysuzuki>
Component: New Bugs
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: don.olmstead, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: saam: review+)

Description Yusuke Suzuki 2018-08-14 11:52:05 PDT
[YARR] Align allocation size in BumpPointerAllocator with sizeof(void*)
Comment 1 Yusuke Suzuki 2018-08-14 11:55:08 PDT
Created attachment 347100 [details]
Patch
Comment 2 Saam Barati 2018-08-15 14:33:22 PDT
Comment on attachment 347100 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347100&action=review

> Source/JavaScriptCore/yarr/YarrInterpreter.cpp:77
> +        static size_t allocationSize(size_t numberOfFrames)

Should we be worried about overflow here?

> Source/JavaScriptCore/yarr/YarrInterpreter.cpp:133
> +        static size_t allocationSize(size_t numberOfSubpatterns)

Ditto
Comment 3 Yusuke Suzuki 2018-08-16 02:36:19 PDT
Comment on attachment 347100 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=347100&action=review

Thank you!

>> Source/JavaScriptCore/yarr/YarrInterpreter.cpp:77
>> +        static size_t allocationSize(size_t numberOfFrames)
> 
> Should we be worried about overflow here?

Use Checked<> here.

>> Source/JavaScriptCore/yarr/YarrInterpreter.cpp:133
>> +        static size_t allocationSize(size_t numberOfSubpatterns)
> 
> Ditto

Fixed by using Checked<>
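The overflow-checked, pointer-aligned size computation that the review above asks for, as an added example that is not WebKit's code: WTF::Checked<> is stood in for by the compiler's overflow builtins, and the header and frame layouts are assumed placeholders, not YARR's real structures.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>

// Assumed placeholder layouts (not YARR's): a per-frame payload and a header
// whose size is deliberately not a multiple of sizeof(void*).
struct FakeFrame { uintptr_t a; uintptr_t b; };
static constexpr size_t kHeaderSize = 3 * sizeof(uint32_t);

// Round n up to a multiple of sizeof(void*). The "+ (align - 1)" step can itself
// overflow for sizes near SIZE_MAX, so it is checked rather than assumed safe.
static std::optional<size_t> roundUpToPointerSize(size_t n) {
    constexpr size_t align = sizeof(void*);
    size_t padded;
    if (__builtin_add_overflow(n, align - 1, &padded)) return std::nullopt;
    return padded & ~(align - 1);
}

// Analogue of allocationSize(numberOfFrames): header + n * frameSize, then
// aligned to sizeof(void*). Each step is overflow-checked, which is what
// Checked<> gives the real patch; a failed check yields nullopt instead of a
// wrapped-around (too small) allocation.
static std::optional<size_t> allocationSize(size_t numberOfFrames) {
    size_t frames, total;
    if (__builtin_mul_overflow(numberOfFrames, sizeof(FakeFrame), &frames)) return std::nullopt;
    if (__builtin_add_overflow(kHeaderSize, frames, &total)) return std::nullopt;
    return roundUpToPointerSize(total);
}

// True when a computed size satisfies the alignment the bug title requires.
static bool isPointerAligned(size_t n) { return n % sizeof(void*) == 0; }
```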
Comment 4 Yusuke Suzuki 2018-08-16 02:41:42 PDT
Committed r234916: <https://trac.webkit.org/changeset/234916>
Comment 5 Radar WebKit Bug Importer 2018-08-16 02:42:22 PDT
<rdar://problem/43373238>