[Webkit-unassigned] [Bug 209131] Don't allocate a buffer with the decoded size without ensuring bufferIsLargeEnoughToContain(size)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 16 00:45:35 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=209131
Fujii Hironori <Hironori.Fujii at sony.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |209132
Referenced Bugs:
https://bugs.webkit.org/show_bug.cgi?id=209132
[Bug 209132] SerializedScriptValue::decode should check bufferIsLargeEnoughToContain
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200316/15a6c43d/attachment.htm>
More information about the webkit-unassigned
mailing list