[webkit-reviews] review granted: [Bug 233148] Do some hardening in IPC::createMessageDecoder() : [Attachment 444307] Patch
bugzilla-daemon at webkit.org
Mon Nov 15 17:37:44 PST 2021
Darin Adler <darin at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 233148: Do some hardening in IPC::createMessageDecoder()
https://bugs.webkit.org/show_bug.cgi?id=233148
Attachment 444307: Patch
https://bugs.webkit.org/attachment.cgi?id=444307&action=review
--- Comment #3 from Darin Adler <darin at apple.com> ---
Comment on attachment 444307
--> https://bugs.webkit.org/attachment.cgi?id=444307
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=444307&action=review
> Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm:438
> + auto sizeWithPortDescriptors = CheckedSize { sizeof(mach_msg_header_t) }
+ sizeof(mach_msg_body_t) + numberOfPortDescriptors *
sizeof(mach_msg_port_descriptor_t);
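Review bot: In the sizeWithPortDescriptors expression, numberOfPortDescriptors * sizeof(mach_msg_port_descriptor_t) binds tighter than the additions, so the product is computed in the operands' own integer type and only its result is added to the CheckedSize; a wrap in that multiplication would go unrecorded. The type of numberOfPortDescriptors is not visible in this hunk, so consider writing CheckedSize { numberOfPortDescriptors } * sizeof(mach_msg_port_descriptor_t) to keep the whole computation checked regardless of that type.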
Could add the first two sizes inside CheckedSize.
Is the numberOfPortDescriptors multiplication safe without CheckedSize?
Currently it’s converted to CheckedSize only after multiplying.
> Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm:483
> + auto messageBodySize = CheckedSize { header->msgh_size } -
sizeWithPortDescriptors;
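Review bot: The subtraction for messageBodySize starts from header->msgh_size, a value read from the message header, so it underflows whenever msgh_size is smaller than sizeWithPortDescriptors; the checked type records that, but nothing in the quoted line shows the result being tested. Make sure messageBodySize.hasOverflowed() is checked, with an early failure return, before the value is used as a length.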
Not important to have the CheckedSize cast here.
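
The question raised above about converting to a checked type only after multiplying, as an added example that is not code from the WebKit patch or from either participant: it shows how a product computed in plain integer arithmetic can wrap before the checked addition sees it. `CheckedSizeDemo`, both function names and the three struct sizes are hypothetical stand-ins, and the count is assumed to be a `size_t`, since the patch's actual type is not shown on this page.

```cpp
#include <cstddef>
#include <limits>

// Minimal overflow-tracking size type (hypothetical stand-in, not WTF::Checked).
class CheckedSizeDemo {
public:
    CheckedSizeDemo(size_t v) : m_value(v) { }
    bool hasOverflowed() const { return m_overflowed; }
    size_t value() const { return m_value; } // meaningful only when !hasOverflowed()
    CheckedSizeDemo operator+(CheckedSizeDemo o) const
    {
        CheckedSizeDemo r(m_value + o.m_value);
        r.m_overflowed = m_overflowed || o.m_overflowed || r.m_value < m_value;
        return r;
    }
    CheckedSizeDemo operator*(CheckedSizeDemo o) const
    {
        CheckedSizeDemo r(m_value * o.m_value);
        r.m_overflowed = m_overflowed || o.m_overflowed
            || (o.m_value && m_value > std::numeric_limits<size_t>::max() / o.m_value);
        return r;
    }
private:
    size_t m_value;
    bool m_overflowed { false };
};

// Constructed sizes standing in for the header, body and descriptor structs.
constexpr size_t headerSize = 24, bodySize = 4, descriptorSize = 12;

// Conversion after multiplying: the product is plain size_t arithmetic,
// so only its (possibly wrapped) result reaches the checked addition.
CheckedSizeDemo sizeCheckedAfterMultiply(size_t count)
{
    return CheckedSizeDemo { headerSize } + bodySize + count * descriptorSize;
}

// Count converted first, so the multiplication itself is overflow-checked.
CheckedSizeDemo sizeCheckedBeforeMultiply(size_t count)
{
    return CheckedSizeDemo { headerSize + bodySize } + CheckedSizeDemo { count } * descriptorSize;
}

int main()
{
    const size_t hugeCount = std::numeric_limits<size_t>::max() / descriptorSize + 1; // constructed input
    // Exit status 0 when the first form misses the wrap and the second records it.
    return (!sizeCheckedAfterMultiply(hugeCount).hasOverflowed() && sizeCheckedBeforeMultiply(hugeCount).hasOverflowed()) ? 0 : 1;
}
```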