Changeset 64875 in webkit
- Timestamp:
- Aug 6, 2010 3:39:28 PM (14 years ago)
- Location:
- trunk/WebKit2
- Files:
-
- 4 edited
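--- a/trunk/WebKit2/ChangeLog
+++ b/trunk/WebKit2/ChangeLog
@@ -1,2 +1,22 @@
+2010-08-06 Anders Carlsson <andersca@apple.com>
+
+Reviewed by Sam Weinig.
+
+Don't try to allocate a vector unless we know the buffer can contain it
+https://bugs.webkit.org/show_bug.cgi?id=43647
+
+* Platform/CoreIPC/ArgumentCoders.h:
+(CoreIPC::):
+Check that the argument decoder buffer actually can hold all the vector elements.
+
+* Platform/CoreIPC/ArgumentDecoder.cpp:
+(CoreIPC::ArgumentDecoder::bufferIsLargeEnoughtToContain):
+Align the current position to the given alignment, add the size and check if the position is
+past the end of the buffer.
+
+* Platform/CoreIPC/ArgumentDecoder.h:
+(CoreIPC::ArgumentDecoder::bufferIsLargeEnoughtToContain):
+Get the size and alignment and call the other bufferIsLargeEnoughtToContain overload.
+
 2010-08-06 Anders Carlsson <andersca@apple.com>
 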
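--- a/trunk/WebKit2/Platform/CoreIPC/ArgumentCoders.h
+++ b/trunk/WebKit2/Platform/CoreIPC/ArgumentCoders.h
@@ -60,4 +60,10 @@
 return false;
 
+// Before allocating the cector, make sure that the decoder buffer is big enough.
+if (!decoder->bufferIsLargeEnoughtToContain<T>(size)) {
+decoder->markInvalid();
+return false;
+}
+
 Vector<T> tmp;
 tmp.reserveCapacity(size);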
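Review bot: The new guard calls `bufferIsLargeEnoughtToContain`, a misspelled name that this changeset introduces in three files, and its comment says "cector". Both are cheapest to correct before other callers appear: rename to `bufferIsLargeEnoughToContain` and write `// Before allocating the vector, make sure that the decoder buffer is big enough.`. The enclosing decode function starts and ends outside the hunk, so the type of `size` is not visible here. The guard also assumes every encoded element occupies at least `sizeof(T)` bytes in the buffer; that looks right for fixed-size types but should be confirmed for element types that have their own coders.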
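--- a/trunk/WebKit2/Platform/CoreIPC/ArgumentDecoder.cpp
+++ b/trunk/WebKit2/Platform/CoreIPC/ArgumentDecoder.cpp
@@ -78,4 +78,9 @@
 }
 
+bool ArgumentDecoder::bufferIsLargeEnoughtToContain(unsigned alignment, size_t size) const
+{
+return roundUpToAlignment(m_bufferPos, alignment) + size <= m_bufferEnd;
+}
+
 bool ArgumentDecoder::decodeBytes(Vector<uint8_t>& buffer)
 {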
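Review bot: The sum in `roundUpToAlignment(m_bufferPos, alignment) + size <= m_bufferEnd` can wrap when `size` is very large, and `size` is computed from an element count read out of the message being decoded. The declarations of `m_bufferPos` and `m_bufferEnd` are not visible here; if they are byte pointers, a wrapped sum compares below `m_bufferEnd` and the check passes for a vector the buffer cannot hold. Comparing against the remaining space avoids the addition. Assuming `uint8_t*` members, use `const uint8_t* aligned = roundUpToAlignment(m_bufferPos, alignment);` followed by `return aligned <= m_bufferEnd && size <= static_cast<size_t>(m_bufferEnd - aligned);`.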
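--- a/trunk/WebKit2/Platform/CoreIPC/ArgumentDecoder.h
+++ b/trunk/WebKit2/Platform/CoreIPC/ArgumentDecoder.h
@@ -56,4 +56,10 @@
 bool decodeDouble(double&);
 
+template<typename T>
+bool bufferIsLargeEnoughtToContain(size_t numElements) const
+{
+return bufferIsLargeEnoughtToContain(__alignof(T), numElements * sizeof(T));
+}
+
 // Generic type decode function.
 template<typename T> bool decode(T& t)
@@ -80,4 +86,5 @@
 
 bool alignBufferPosition(unsigned alignment, size_t size);
+bool bufferIsLargeEnoughtToContain(unsigned alignment, size_t size) const;
 
 uint64_t m_destinationID;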
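Review bot: `numElements * sizeof(T)` in the template overload is unchecked, so an element count close to the `size_t` maximum wraps to a small byte size and the bounds check then succeeds for a vector that cannot fit. The caller in ArgumentCoders.h passes a decoded `size` whose type is not shown in this changeset; if it is wider than `size_t`, the implicit conversion would also truncate it on 32-bit builds. Rejecting the count before multiplying closes the first gap: `if (numElements > std::numeric_limits<size_t>::max() / sizeof(T)) return false;`. The second hunk only declares the private two-argument overload and raises nothing further.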