Changeset 258614 in webkit
- Timestamp: Mar 17, 2020 5:29:42 PM
- Location: trunk/Source/WebCore
- Files: 2 edited
trunk/Source/WebCore/ChangeLog
r258609 r258614 1 2020-03-17 Fujii Hironori <Hironori.Fujii@sony.com> 2 3 SerializedScriptValue::decode should check bufferIsLargeEnoughToContain before allocating a buffer 4 https://bugs.webkit.org/show_bug.cgi?id=209132 5 6 Reviewed by Darin Adler. 7 8 * bindings/js/SerializedScriptValue.h: 9 (WebCore::SerializedScriptValue::decode): Added bufferIsLargeEnoughToContain check. 10 Added a null check for Gigacage::tryMalloc. 11 1 12 2020-03-17 Chris Fleizach <cfleizach@apple.com> 2 13 -
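Review bot: The ChangeLog entry for SerializedScriptValue::decode records what was added but not why it matters; since bufferSize is read from the serialized input by decoder.decode(bufferSize) just before the allocation, one sentence saying that the new bufferIsLargeEnoughToContain check rejects a bufferSize larger than the remaining input before Gigacage::tryMalloc is reached, and that the null check covers the allocation failing, would let a future reader see the failure mode this closes without opening the header.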
trunk/Source/WebCore/bindings/js/SerializedScriptValue.h
r255315 r258614 180 180 if (!decoder.decode(bufferSize)) 181 181 return nullptr; 182 if (!decoder.template bufferIsLargeEnoughToContain<uint8_t>(bufferSize)) 183 return nullptr; 182 184 183 185 auto buffer = Gigacage::tryMalloc(Gigacage::Primitive, bufferSize); 186 if (!buffer) 187 return nullptr; 184 188 if (!decoder.decodeFixedLengthData(static_cast<uint8_t*>(buffer), bufferSize, 1)) { 185 189 Gigacage::free(Gigacage::Primitive, buffer);
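Review bot: The hunk does not show how a bufferSize of 0 behaves once the new null check is in place: `auto buffer = Gigacage::tryMalloc(Gigacage::Primitive, bufferSize);` followed by `if (!buffer) return nullptr;` will reject the whole value if tryMalloc returns nullptr for a zero-byte request, so it is worth confirming that a zero-length buffer is either impossible here or still decodes. The ordering itself is right: `decoder.template bufferIsLargeEnoughToContain<uint8_t>(bufferSize)` runs before any allocation, so an oversized length from untrusted data no longer drives tryMalloc, and the retained decodeFixedLengthData failure path (which frees the buffer) is now defensive rather than the primary guard.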