[webkit-reviews] review granted: [Bug 224984] Remove decoder memory allocations based on untrusted data (sizes) in the stream; related changes : [Attachment 426923] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 23 10:58:25 PDT 2021


Sam Weinig <sam at webkit.org> has granted Darin Adler <darin at apple.com>'s request
for review:
Bug 224984: Remove decoder memory allocations based on untrusted data (sizes)
in the stream; related changes
https://bugs.webkit.org/show_bug.cgi?id=224984

Attachment 426923: Patch

https://bugs.webkit.org/attachment.cgi?id=426923&action=review




--- Comment #3 from Sam Weinig <sam at webkit.org> ---
Comment on attachment 426923
  --> https://bugs.webkit.org/attachment.cgi?id=426923
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=426923&action=review

> Source/WebKit/Platform/IPC/ArgumentCoders.h:-517
>	   HashMapType hashMap;
> -	   hashMap.reserveInitialCapacity(hashMapSize);
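
Review bot: With the reserveInitialCapacity(hashMapSize) call dropped right after the HashMapType hashMap; declaration, nothing at this spot records why the map is deliberately left unreserved, so a later cleanup could reintroduce the call as an optimization. Suggest a one-line comment here saying that hashMapSize is read from the stream and must not drive preallocation unless it has first been checked against the bytes actually available.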

Should we consider doing the trick we do for Vector here where if the key and
value are both fixed size we can check that the buffer is big enough to contain
size * (sizeof(key type) + sizeof(value type)) and then reserve? I don't have a
good feeling about what type of HashMaps/HashSets we use so I am not sure if
that is a useful optimization.
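
The buffer-size check suggested in the comment above, as an added C++ example that is not code from the patch or from WebKit. `Decoder`, `decodeMap` and `decodeSample` are hypothetical names, `std::unordered_map` stands in for WTF's HashMap, and the sample bytes are constructed.

```cpp
#include <cstdint>
#include <cstring>
#include <optional>
#include <unordered_map>
#include <vector>
// Hypothetical minimal decoder over received bytes (not WebKit's IPC::Decoder).
struct Decoder {
    const uint8_t* pos;
    size_t remaining;
    template<typename T> bool read(T& out) {
        if (remaining < sizeof(T))
            return false;
        std::memcpy(&out, pos, sizeof(T));
        pos += sizeof(T);
        remaining -= sizeof(T);
        return true;
    }
};

// Decodes a count-prefixed map whose keys and values are fixed-size types.
template<typename K, typename V>
std::optional<std::unordered_map<K, V>> decodeMap(Decoder& decoder) {
    uint64_t claimedCount;
    if (!decoder.read(claimedCount))
        return std::nullopt;
    // Divide rather than multiply so a huge claimed count cannot overflow the check.
    if (claimedCount > decoder.remaining / (sizeof(K) + sizeof(V)))
        return std::nullopt; // The buffer cannot hold that many entries.
    std::unordered_map<K, V> map;
    map.reserve(static_cast<size_t>(claimedCount)); // Now bounded by bytes received.
    for (uint64_t i = 0; i < claimedCount; ++i) {
        K key;
        V value;
        if (!decoder.read(key) || !decoder.read(value))
            return std::nullopt;
        map.insert_or_assign(key, value);
    }
    return map;
}

// Constructed sample: a count prefix, then `actual` entries mapping 2i to 2i + 1.
std::optional<std::unordered_map<uint32_t, uint32_t>> decodeSample(uint64_t claimedCount, uint32_t actual) {
    std::vector<uint8_t> bytes(sizeof(claimedCount) + actual * 2 * sizeof(uint32_t));
    std::memcpy(bytes.data(), &claimedCount, sizeof(claimedCount));
    for (uint32_t i = 0; i < actual * 2; ++i)
        std::memcpy(bytes.data() + sizeof(claimedCount) + i * sizeof(i), &i, sizeof(i));
    Decoder decoder { bytes.data(), bytes.size() };
    return decodeMap<uint32_t, uint32_t>(decoder);
}
```

The check only works when every entry has a known minimum encoded size; for variable-size keys or values the claimed count gives no usable bound on the bytes required.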

