Changeset 241550 in webkit


Timestamp:
Feb 14, 2019 9:37:23 AM (5 years ago)
Author:
Tadeu Zagallo
Message:

CachedBitVector's size must be converted from bits to bytes
https://bugs.webkit.org/show_bug.cgi?id=194441

Reviewed by Saam Barati.

CachedBitVector used its size in bits for memcpy. That didn't cause any
issues when encoding, since the size in bits was also used in the allocation,
but would overflow the actual BitVector buffer when decoding.

  • runtime/CachedTypes.cpp:
(JSC::CachedBitVector::encode):
(JSC::CachedBitVector::decode const):
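The bits-versus-bytes mix-up described in the message above, as an added C++ example that is not WebKit code: a minimal BitVector stand-in whose decoder converts the stored bit count to a byte count before the memcpy and also checks that the blob actually holds that many bytes. MiniBitVector, encode, decode, overrunBytes and selfCheck are hypothetical names, and the serialized layout (bit count, then payload) is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>
// Added example, not WebKit code: a minimal stand-in for JSC's BitVector with word-sized storage.
struct MiniBitVector {
    std::vector<uint64_t> words; // 64 bits per word
    size_t numBits = 0;
    static size_t byteCount(size_t bits) { return (bits + 7) / 8; } // role of BitVector::byteCount
    void ensureSize(size_t bits) { numBits = bits; words.assign((bits + 63) / 64, 0); }
    uint8_t* bits() { return reinterpret_cast<uint8_t*>(words.data()); }
};

// Serialized form (assumed): the bit count, then byteCount(numBits) payload bytes.
std::vector<uint8_t> encode(const MiniBitVector& bv) {
    size_t sizeInBytes = MiniBitVector::byteCount(bv.numBits);
    std::vector<uint8_t> out(sizeof(size_t) + sizeInBytes);
    memcpy(out.data(), &bv.numBits, sizeof(size_t));
    memcpy(out.data() + sizeof(size_t), bv.words.data(), sizeInBytes);
    return out;
}

// Decoder that converts bits to bytes and also refuses a blob shorter than the
// payload its header promises, rather than trusting the header.
bool decode(const std::vector<uint8_t>& blob, MiniBitVector& bv) {
    if (blob.size() < sizeof(size_t)) return false;
    size_t numBits = 0;
    memcpy(&numBits, blob.data(), sizeof(size_t));
    size_t sizeInBytes = MiniBitVector::byteCount(numBits);
    if (blob.size() - sizeof(size_t) < sizeInBytes) return false; // truncated payload
    bv.ensureSize(numBits); // whole words, so at least sizeInBytes bytes
    memcpy(bv.bits(), blob.data() + sizeof(size_t), sizeInBytes);
    return true;
}

// Bytes the pre-fix memcpy (length = numBits) would write past what ensureSize(numBits) allocates.
long overrunBytes(size_t numBits) {
    size_t allocated = ((numBits + 63) / 64) * sizeof(uint64_t);
    return static_cast<long>(numBits) - static_cast<long>(allocated);
}

// Round-trips a 100-bit vector, then checks that a blob missing its last byte is rejected.
bool selfCheck() {
    MiniBitVector a, b, c;
    a.ensureSize(100); a.bits()[0] = 0xAB; a.bits()[12] = 0x0F;
    std::vector<uint8_t> blob = encode(a);
    bool ok = decode(blob, b) && b.numBits == 100 && b.bits()[0] == 0xAB && b.bits()[12] == 0x0F;
    blob.pop_back(); // drop the last payload byte
    return ok && !decode(blob, c);
}
```

For 100 bits the storage is two 64-bit words (16 bytes), so a memcpy of 100 bytes would run 84 bytes past the allocation, which is what overrunBytes reports.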

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r241547 r241550  
     12019-02-14  Tadeu Zagallo  <tzagallo@apple.com>
     2
     3        CachedBitVector's size must be converted from bits to bytes
     4        https://bugs.webkit.org/show_bug.cgi?id=194441
     5
     6        Reviewed by Saam Barati.
     7
     8        CachedBitVector used its size in bits for memcpy. That didn't cause any
     9        issues when encoding, since the size in bits was also used in the allocation,
     10        but would overflow the actual BitVector buffer when decoding.
     11
     12        * runtime/CachedTypes.cpp:
     13        (JSC::CachedBitVector::encode):
     14        (JSC::CachedBitVector::decode const):
     15
    1162019-02-13  Brian Burg  <bburg@apple.com>
    217
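Review bot: the ChangeLog entry lists no test, and the changeset touches only ChangeLog and CachedTypes.cpp; a regression test that round-trips a non-empty BitVector through CachedBitVector::encode and decode would cover the decode-path overflow this entry describes and keep the bits-to-bytes conversion from regressing.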
  • trunk/Source/JavaScriptCore/runtime/CachedTypes.cpp

    r241447 r241550  
    755755    void encode(Encoder& encoder, const BitVector& bitVector)
    756756    {
    757         m_size = bitVector.size();
    758         if (!m_size)
     757        m_numBits = bitVector.size();
     758        if (!m_numBits)
    759759            return;
    760         uint8_t* buffer = this->allocate(encoder, m_size);
    761         memcpy(buffer, bitVector.bits(), m_size);
     760        size_t sizeInBytes = BitVector::byteCount(m_numBits);
     761        uint8_t* buffer = this->allocate(encoder, sizeInBytes);
     762        memcpy(buffer, bitVector.bits(), sizeInBytes);
    762763    }
    763764
    764765    void decode(Decoder&, BitVector& bitVector) const
    765766    {
    766         if (!m_size)
     767        if (!m_numBits)
    767768            return;
    768         bitVector.ensureSize(m_size);
    769         memcpy(bitVector.bits(), this->buffer(), m_size);
    770     }
    771 
    772 private:
    773     unsigned m_size;
     769        bitVector.ensureSize(m_numBits);
     770        size_t sizeInBytes = BitVector::byteCount(m_numBits);
     771        memcpy(bitVector.bits(), this->buffer(), sizeInBytes);
     772    }
     773
     774private:
     775    size_t m_numBits;
    774776};
    775777
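Review bot: decode still trusts m_numBits as read from the cache and copies BitVector::byteCount(m_numBits) bytes out of this->buffer() without checking that the decoder's backing data actually contains that many bytes; if a cache file can ever be truncated or corrupted, the Decoder should bounds-check this->buffer() against sizeInBytes before the memcpy. Separately, replacing "unsigned m_size" with "size_t m_numBits" changes the serialized layout of CachedBitVector, so previously written caches need to be invalidated (or a cache format version bumped) alongside this change.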