Changeset 69682 in webkit
- Timestamp:
- Oct 13, 2010 12:21:48 PM (14 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
bindings/js/SerializedScriptValue.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r69681 r69682 1 2010-10-13 Yong Li <yoli@rim.com> 2 3 Reviewed by Oliver Hunt. 4 5 Fix potential misaligned memory access in CloneDeserializer::readLittleEndian and readString 6 that can result crash on ARM (<v6). 7 https://bugs.webkit.org/show_bug.cgi?id=47594 8 9 No new test added, because the crash can be produced by existing tests like: 10 LayoutTests/fast/events/message-channel-gc-4.html 11 12 * bindings/js/SerializedScriptValue.cpp: 13 (WebCore::CloneDeserializer::readLittleEndian): 14 (WebCore::CloneDeserializer::readString): 15 1 16 2010-10-06 Martin Robinson <mrobinson@igalia.com> 2 17 -
trunk/WebCore/bindings/js/SerializedScriptValue.cpp
r67486 r69682 820 820 value = *ptr++; 821 821 else { 822 value = *reinterpret_cast_ptr<const T*>(ptr); 822 #if CPU(ARMV5_OR_LOWER) 823 // To protect misaligned memory access. 824 memcpy(&value, ptr, sizeof(T)); 825 #else 826 value = *reinterpret_cast<const T*>(ptr); 827 #endif 823 828 ptr += sizeof(T); 824 829 } … … 908 913 909 914 #if ASSUME_LITTLE_ENDIAN 910 str = UString(reinterpret_cast_ptr<const UChar*>(ptr), length); 915 #if CPU(ARMV5_OR_LOWER) 916 // To protect misaligned memory access. 917 Vector<UChar> alignedBuffer(length); 918 memcpy(alignedBuffer.data(), ptr, length * sizeof(UChar)); 919 str = UString::adopt(alignedBuffer); 920 #else 921 str = UString(reinterpret_cast<const UChar*>(ptr), length); 922 #endif 911 923 ptr += length * sizeof(UChar); 912 924 #else
Note: See TracChangeset
for help on using the changeset viewer.
