[webkit-reviews] review denied: [Bug 209219] WebCoreArgumentCoders should check bufferIsLargeEnoughToContain before allocating buffers : [Attachment 393828] Patch
bugzilla-daemon at webkit.org
Wed Mar 18 11:22:37 PDT 2020
Darin Adler <darin at apple.com> has denied Fujii Hironori
<Hironori.Fujii at sony.com>'s request for review:
Bug 209219: WebCoreArgumentCoders should check bufferIsLargeEnoughToContain
before allocating buffers
https://bugs.webkit.org/show_bug.cgi?id=209219
Attachment 393828: Patch
https://bugs.webkit.org/attachment.cgi?id=393828&action=review
--- Comment #4 from Darin Adler <darin at apple.com> ---
Comment on attachment 393828
--> https://bugs.webkit.org/attachment.cgi?id=393828
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=393828&action=review
> Source/WebKit/Shared/WebCoreArgumentCoders.cpp:158
> + if (!decoder.bufferIsLargeEnoughToContain<unsigned char>(bufferSize))
> + return false;
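Review bot: in the check added at WebCoreArgumentCoders.cpp:158, the template argument is the element type that bufferSize is counted in, so it has to be the same element type as the buffer that is allocated after the check. If the two ever differ, a bufferSize can pass this test and still be larger than the message can back for the allocation that follows. Naming the element type once and using it for both the check and the allocation keeps them from drifting apart.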
This *needs* to be inside the #if USE(UNIX_DOMAIN_SOCKETS) and should be
uint8_t, not unsigned char.
> Source/WebKit/Shared/WebCoreArgumentCoders.cpp:199
> + data.resize(0);
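Review bot: data.resize(0) at WebCoreArgumentCoders.cpp:199 silently discards whatever the caller passed in, which hides a caller that hands over a non-empty container. If the contract is that data arrives empty, an assertion that data is empty at the top of the function documents that contract, where the reset only masks a violation of it.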
This is not needed. We can and should rely on being passed an empty vector.
> Source/WebKit/Shared/WebCoreArgumentCoders.cpp:202
> decodeSharedBuffer(decoder, buffer);
Strange and incorrect that this does not check the return result. Should say:

    if (!decodeSharedBuffer(decoder, buffer))
        return false;
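The pattern this review is about, as an added example that is not part of the original message and is not WebKit code: a toy decoder checks an untrusted length against the bytes actually remaining before resizing a vector, and every decode failure is returned to the caller. ToyDecoder, decodeLengthPrefixedBuffer and makeMessage are hypothetical names; only the name bufferIsLargeEnoughToContain is taken from the patch, and its body here is a simplified assumption.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Simplified stand-in for an IPC decoder (hypothetical; not WebKit's IPC::Decoder).
class ToyDecoder {
public:
    ToyDecoder(const uint8_t* data, size_t size) : m_pos(data), m_end(data + size) { }
    // True only if numElements values of type T fit in the bytes still unread.
    // Dividing the remaining byte count avoids overflow in numElements * sizeof(T).
    template<typename T> bool bufferIsLargeEnoughToContain(uint64_t numElements) const
    {
        return numElements <= static_cast<uint64_t>(m_end - m_pos) / sizeof(T);
    }

    // Copies size bytes out of the message, or fails without reading past the end.
    bool decodeBytes(void* out, size_t size)
    {
        if (!bufferIsLargeEnoughToContain<uint8_t>(size))
            return false;
        if (size)
            std::memcpy(out, m_pos, size);
        m_pos += size;
        return true;
    }
private:
    const uint8_t* m_pos;
    const uint8_t* m_end;
};

// Decodes a length-prefixed byte buffer; the length comes from the sender and is untrusted.
bool decodeLengthPrefixedBuffer(ToyDecoder& decoder, std::vector<uint8_t>& data)
{
    uint64_t bufferSize = 0;
    if (!decoder.decodeBytes(&bufferSize, sizeof(bufferSize)))
        return false;
    // Reject a size the message cannot back before allocating for it.
    if (!decoder.bufferIsLargeEnoughToContain<uint8_t>(bufferSize))
        return false;
    data.resize(static_cast<size_t>(bufferSize));
    return decoder.decodeBytes(data.data(), data.size());
}

// Constructed sample message: 8-byte native-endian size followed by the payload.
std::vector<uint8_t> makeMessage(uint64_t declaredSize, const std::vector<uint8_t>& payload)
{
    std::vector<uint8_t> message(sizeof(declaredSize));
    std::memcpy(message.data(), &declaredSize, sizeof(declaredSize));
    message.insert(message.end(), payload.begin(), payload.end());
    return message;
}
```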