[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
andersca at apple.com
Wed Dec 22 13:13:05 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 4f2496b4a9c1a88114e0421cb38c9ffc75ecab1e
Author: andersca at apple.com <andersca at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Sep 8 23:37:20 2010 +0000
Suggested and reviewed by Darin Adler.
Fix an overflow bug in bufferIsLargeEnoughToContain.
* Platform/CoreIPC/ArgumentDecoder.h:
(CoreIPC::ArgumentDecoder::bufferIsLargeEnoughToContain):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67037 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 41831a0..52defb0 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,5 +1,14 @@
2010-09-08 Anders Carlsson <andersca at apple.com>
+ Suggested and reviewed by Darin Adler.
+
+ Fix an overflow bug in bufferIsLargeEnoughToContain.
+
+ * Platform/CoreIPC/ArgumentDecoder.h:
+ (CoreIPC::ArgumentDecoder::bufferIsLargeEnoughToContain):
+
+2010-09-08 Anders Carlsson <andersca at apple.com>
+
Reviewed by Darin Adler.
Improve CoreIPC encoding of strings
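Review bot: the new ChangeLog entry says only "Fix an overflow bug" and names neither the expression that overflows nor a bug link or test. Suggest stating that numElements * sizeof(T) could wrap around size_t before the buffer size check, and referencing a bug or regression test if one exists, so the security relevance of the change is clear from the log alone.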
diff --git a/WebKit2/Platform/CoreIPC/ArgumentDecoder.h b/WebKit2/Platform/CoreIPC/ArgumentDecoder.h
index e6b8498..42f359c 100644
--- a/WebKit2/Platform/CoreIPC/ArgumentDecoder.h
+++ b/WebKit2/Platform/CoreIPC/ArgumentDecoder.h
@@ -58,6 +58,9 @@ public:
template<typename T>
bool bufferIsLargeEnoughToContain(size_t numElements) const
{
+ if (numElements > std::numeric_limits<size_t>::max() / sizeof(T))
+ return false;
+
return bufferIsLargeEnoughToContain(__alignof(T), numElements * sizeof(T));
}
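Review bot: the added guard at the top of bufferIsLargeEnoughToContain uses std::numeric_limits, but no #include <limits> is visible in this diff; please confirm ArgumentDecoder.h includes it directly rather than relying on a transitive include. A one-line comment above the check saying it prevents numElements * sizeof(T) from wrapping would help future readers, and a decoder test that passes an element count close to the size_t maximum and expects false would keep the check from regressing.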
--
WebKit Debian packaging