[Webkit-unassigned] [Bug 145842] Network process crashes decoding invalid cache entry on 32bit system
bugzilla-daemon at webkit.org
Wed Jun 10 14:15:37 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=145842
--- Comment #4 from Said Abou-Hallawa <sabouhallawa at apple.com> ---
Comment on attachment 254670
--> https://bugs.webkit.org/attachment.cgi?id=254670
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=254670&action=review
> Source/WebKit2/NetworkProcess/cache/NetworkCacheDecoder.cpp:52
> + return currentOffset() + size <= m_bufferSize;
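Review bot: the added line still computes `currentOffset() + size` before comparing, and that sum can wrap around when `size` is a large value read from an invalid cache entry and the platform's `size_t` is 32-bit, making the bound check pass for a length that does not fit the buffer. Prefer the subtraction form `return size <= m_bufferSize - currentOffset();`, which cannot overflow as long as `currentOffset()` never exceeds `m_bufferSize`.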
Doesn't the following code fix the overflow issue regardless of whether it runs on 32- or 64-bit?
return size <= m_bufferEnd - m_bufferPosition;
Otherwise I would suggest changing the last statement to be:
return size <= m_bufferSize - currentOffset();
Subtraction is always safer when dealing with large numbers, but they have to have the same sign.