[Webkit-unassigned] [Bug 224835] Fix handling of overflow of /= and *= operators with double over Checked<uint64_t> and other 64-bit types.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 25 12:05:20 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=224835

--- Comment #8 from Darin Adler <darin at apple.com> ---
I had a hard enough time fixing this that I considered just deleting the *= overloads for double and float, since the rest of CheckedArithmetic.h doesn’t have any floating point type support.

When I tried that (and it still might be the best solution to this annoyingly thorny problem), I found one call site that is using this, which may be the *only* call site using it, GPUBindGroupAllocator::reallocate:

    newLength *= 1.25

I think now that I should just rewrite this to:

    newLength += newLength / 4;

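The following is an added example, not part of the original message and not WebKit's code. It sketches why growing a 64-bit length through `double` is awkward to range-check, next to the integer form of the 25% growth suggested in the comment. The function names and the constant `kTwoTo64` are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <optional>

constexpr uint64_t kMax = std::numeric_limits<uint64_t>::max();
constexpr double kTwoTo64 = 18446744073709551616.0; // 2^64, exactly representable

// Naive bound: kMax (2^64 - 1) has no exact double form and rounds UP to 2^64,
// so a product of exactly 2^64 is accepted although it does not fit in uint64_t.
bool naiveRangeCheckAccepts(double product) { return product <= static_cast<double>(kMax); }

// Strict bound: compare against 2^64 itself with '<' (also rejects NaN).
bool strictRangeCheckAccepts(double product) { return product >= 0 && product < kTwoTo64; }

// Growth through double: range-safe with the strict check, but lengths above
// 2^53 are rounded on conversion, so the result can be off.
std::optional<uint64_t> growByQuarterDouble(uint64_t length)
{
    double product = static_cast<double>(length) * 1.25;
    if (!strictRangeCheckAccepts(product))
        return std::nullopt;
    return static_cast<uint64_t>(product);
}

// Integer form of "newLength += newLength / 4" with an explicit overflow check.
std::optional<uint64_t> growByQuarterInteger(uint64_t length)
{
    uint64_t increment = length / 4;
    if (increment > kMax - length)
        return std::nullopt; // the addition would wrap around
    return length + increment;
}

int main()
{
    uint64_t big = (1ULL << 53) + 1; // constructed input: first integer a double cannot hold
    std::printf("double path:  %llu\n", (unsigned long long)*growByQuarterDouble(big));
    std::printf("integer path: %llu\n", (unsigned long long)*growByQuarterInteger(big));
    std::printf("naive check accepts 2^64: %d\n", naiveRangeCheckAccepts(kTwoTo64));
    return 0;
}
```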