Changeset 272744 in webkit

Timestamp:

Feb 11, 2021, 1:30:31 PM (5 years ago)

Author:

Darin Adler

Message:

[Cocoa] IPC decoder is using decoded size to allocate memory for an array
​https://bugs.webkit.org/show_bug.cgi?id=221773

Reviewed by Geoffrey Garen.

• Shared/Cocoa/ArgumentCodersCocoa.mm:

(IPC::decodeArrayInternal): As with other similar structures, such a Vector and
CFArray, don't use the size to preallocate space when decoding an NSArray. The
decoded size is potentially incorrect, which we will discover indirectly when
decoding the array elements; we can't safely use the size to make a choice about
allocating memory beforehand.

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• Shared/Cocoa/ArgumentCodersCocoa.mm (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2021-02-11  Darin Adler  <darin@apple.com>
+
+        [Cocoa] IPC decoder is using decoded size to allocate memory for an array
+        https://bugs.webkit.org/show_bug.cgi?id=221773
+
+        Reviewed by Geoffrey Garen.
+
+        * Shared/Cocoa/ArgumentCodersCocoa.mm:
+        (IPC::decodeArrayInternal): As with other similar structures, such a Vector and
+        CFArray, don't use the size to preallocate space when decoding an NSArray. The
+        decoded size is potentially incorrect, which we will discover indirectly when
+        decoding the array elements; we can't safely use the size to make a choice about
+        allocating memory beforehand.
+
 2021-02-11  Brent Fulgham  <bfulgham@apple.com>
 

trunk/Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm

@@ -177 +177 @@
         return WTF::nullopt;
 
-    RetainPtr<NSMutableArray> array = adoptNS([[NSMutableArray alloc] initWithCapacity:size]);
+    auto array = adoptNS([[NSMutableArray alloc] init]);
     for (uint64_t i = 0; i < size; ++i) {
         auto value = decodeObject(decoder, allowedClasses);