[Webkit-unassigned] [Bug 89787] alignment crash in MIMESniffer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 11 14:30:47 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=89787





--- Comment #3 from Rob Buis <rwlbuis at gmail.com>  2012-07-11 14:30:47 PST ---
Another way to deal with this is to add the slow case, which has no problem with misalignment, since everything is char*-based:

diff --git a/Source/WebCore/platform/network/MIMESniffing.cpp b/Source/WebCore/platform/network/MIMESniffing.cpp
index 5efd17f..f67adb5 100644
--- a/Source/WebCore/platform/network/MIMESniffing.cpp
+++ b/Source/WebCore/platform/network/MIMESniffing.cpp
@@ -233,11 +233,33 @@ static inline size_t dataSizeNeededForImageSniffing()
     return result;
 }

+#if (CPU(ARM) || CPU(MIPS)) && COMPILER(GCC)
+static inline bool maskedCompareSlowCase(const MagicNumbers& info, const char* data)
+{
+    const char* p = reinterpret_cast<const char*>(info.pattern);
+    const char* m = reinterpret_cast<const char*>(info.mask);
+    const char* d = reinterpret_cast<const char*>(data);
+
+    size_t count = info.size;
+
+    for (size_t i = 0; i < count; ++i) {
+        if ((*d++ & *m++) != *p++)
+            return false;
+    }
+    return true;
+}
+#endif
+
 static inline bool maskedCompare(const MagicNumbers& info, const char* data, size_t dataSize)
 {
     if (dataSize < info.size)
         return false;

+#if (CPU(ARM) || CPU(MIPS)) && COMPILER(GCC)
+    if (!isPointerTypeAlignmentOkay(data))
+        return maskedCompareSlowCase(info, data);
+#endif
+
     const uint32_t* pattern32 = reinterpret_cast_ptr<const uint32_t*>(info.pattern);
     const uint32_t* mask32 = reinterpret_cast_ptr<const uint32_t*>(info.mask);
     const uint32_t* data32 = reinterpret_cast_ptr<const uint32_t*>(data);
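Review bot: The alignment guard at `if (!isPointerTypeAlignmentOkay(data))` and the byte-wise fallback are compiled only under `#if (CPU(ARM) || CPU(MIPS)) && COMPILER(GCC)`, yet reading `data` through `reinterpret_cast_ptr<const uint32_t*>` on the lines below is an unaligned access on every target, not only the ones that fault on it. Since the fallback is plain `const char*` arithmetic and the alignment check is presumably cheap, consider dropping both `#if`/`#endif` pairs so a misaligned `data` takes the slow path everywhere; at minimum the fallback deserves a comment such as `// Byte-wise comparison for data that is not aligned for uint32_t loads; the word-wise path below must not be used on it.` The `reinterpret_cast<const char*>(data)` in maskedCompareSlowCase is a no-op because `data` is already `const char*`, so `const char* d = data;` reads cleaner; whether the casts on `info.pattern` and `info.mask` are needed depends on the member types of MagicNumbers, which are not shown here. The word-wise loop of maskedCompare continues past the end of the hunk.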



