Changeset 201772 in webkit


Timestamp:
Jun 7, 2016 2:09:59 PM (8 years ago)
Author:
Brent Fulgham
Message:

Prevents integer overflow in Vector.h
https://bugs.webkit.org/show_bug.cgi?id=158455
<rdar://problem/20235469>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-06-07
Reviewed by Mark Lam.

  • bmalloc/Vector.h:

(bmalloc::Vector<T>::reallocateBuffer):

Location:
trunk/Source/bmalloc
Files:
2 edited

  • trunk/Source/bmalloc/ChangeLog

    r201452 r201772  
     12016-06-07  Pranjal Jumde  <pjumde@apple.com>
     2
     3        Prevents integer overflow in Vector.h
     4        https://bugs.webkit.org/show_bug.cgi?id=158455
     5        <rdar://problem/20235469>
     6
     7        Reviewed by Mark Lam.
     8
     9        * bmalloc/Vector.h:
     10        (bmalloc::Vector<T>::reallocateBuffer):
     11
    1122016-05-27  Konstantin Tokarev  <annulen@yandex.ru>
    213
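
Review bot: The ChangeLog entry lists (bmalloc::Vector<T>::reallocateBuffer) on line 10 with no description under it, so the log alone does not say what the fix was. Suggest adding a short line after the function name stating that a release assert now rejects a newCapacity whose size in bytes would not fit in size_t.
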
  • trunk/Source/bmalloc/bmalloc/Vector.h

    r199746 r201772  
    199199void Vector<T>::reallocateBuffer(size_t newCapacity)
    200200{
     201    RELEASE_BASSERT(newCapacity < std::numeric_limits<size_t>::max() / sizeof(T));
     202
    201203    size_t vmSize = bmalloc::vmSize(newCapacity * sizeof(T));
    202204    T* newBuffer = vmSize ? static_cast<T*>(vmAllocate(vmSize)) : nullptr;
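
Review bot: The RELEASE_BASSERT on new line 201 bounds only the product newCapacity * sizeof(T) computed on line 203; that product is then passed through bmalloc::vmSize(), whose behaviour is not visible in this hunk. If vmSize() adjusts the byte count upward, a capacity just under the limit could still wrap at that step, so it is worth confirming that it cannot, or tightening the bound to leave headroom. A one-line comment above the assert saying that it guards the multiplication below would also help, since the strict < rejects the boundary value newCapacity == std::numeric_limits<size_t>::max() / sizeof(T), which does not itself overflow, and a reader may wonder whether that is intended.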