[webkit-reviews] review denied: [Bug 210540] Fix an integer overflow in WebCrypto AES-CTR Mac implementation, which may detect a false loop : [Attachment 396514] patch
bugzilla-daemon at webkit.org
Wed Apr 15 12:16:41 PDT 2020
Jiewen Tan <jiewen_tan at apple.com> has denied Tomoki Imai
<tomoki.imai at sony.com>'s request for review:
Bug 210540: Fix an integer overflow in WebCrypto AES-CTR Mac implementation,
which may detect a false loop
https://bugs.webkit.org/show_bug.cgi?id=210540
Attachment 396514: patch
https://bugs.webkit.org/attachment.cgi?id=396514&action=review
--- Comment #2 from Jiewen Tan <jiewen_tan at apple.com> ---
Comment on attachment 396514
--> https://bugs.webkit.org/attachment.cgi?id=396514
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=396514&action=review
Good catch! Please address my comments below.
> Source/WebCore/ChangeLog:6
> + (1 << counterLength) causes an integer overflow, and the undefined
behavior.
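Review bot: the ChangeLog sentence names the expression `(1 << counterLength)` but not the condition under which it misbehaves. Suggest saying that the literal `1` is an `int`, so the shift is undefined once counterLength reaches the width of `int`, and rewording "and the undefined behavior" to "which is undefined behavior".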
Maybe you could reference here:
https://en.cppreference.com/w/cpp/language/integer_literal.
> Source/WebCore/crypto/mac/CryptoAlgorithmAES_CTRMac.cpp:48
> + if (counterLength < sizeof(size_t) * 8 && numberOfBlocks > ((size_t)1 <<
counterLength))
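Review bot: in the added condition, `counterLength < sizeof(size_t) * 8` hard-codes the bits-per-byte value and the shifted operand uses a C-style cast. Suggest `std::numeric_limits<size_t>::digits` (or `CHAR_BIT`) for the width and `static_cast<size_t>(1)` for the operand, so the guard and the shifted type visibly stay in step. A short comment explaining why the loop check is skipped when counterLength is at or above that width would also help.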
((size_t)1 => 1ull