[Webkit-unassigned] [Bug 224835] Fix handling of overflow of /= and *= operators with double over Checked<uint64_t> and other 64-bit types.
bugzilla-daemon at webkit.org
Sun Apr 25 12:05:20 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=224835
--- Comment #8 from Darin Adler <darin at apple.com> ---
I had a hard enough time fixing this that I considered just deleting the *= overloads for double and float, since the rest of CheckedArithmetic.h doesn’t have any floating point type support.
When I tried that (and it still might be the best solution to this annoyingly thorny problem), I found one call site that is using this, which may be the *only* call site using it, GPUBindGroupAllocator::reallocate:
newLength *= 1.25
I think now that I should just rewrite this to:
newLength += newLength / 4;
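An added illustration, not part of the original message and not WebKit code: the two growth strategies mentioned in the comment, written as stand-alone functions with explicit overflow reporting. The function names are hypothetical and WTF's Checked class is not used. The sketch shows two properties of double that complicate a checked `*=`: above 2^53 not every uint64_t is representable, and the range check must happen before the cast back, because converting an out-of-range double to an integer is undefined behavior.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <optional>

// Hypothetical helper: grow a length by 25% with integer arithmetic only
// (the "newLength += newLength / 4" form). Returns nullopt on overflow.
std::optional<uint64_t> growByQuarterInteger(uint64_t length)
{
    uint64_t increment = length / 4;
    if (increment > std::numeric_limits<uint64_t>::max() - length)
        return std::nullopt; // length + increment would wrap
    return length + increment;
}

// Hypothetical helper: the same growth through double
// (the "newLength *= 1.25" form), with a range check before the cast.
std::optional<uint64_t> growByQuarterDouble(uint64_t length)
{
    // The conversion rounds: a double carries only 53 significant bits.
    double scaled = static_cast<double>(length) * 1.25;
    // UINT64_MAX is not representable as a double (it rounds up to 2^64),
    // so the bound to compare against is 2^64 itself, exclusive.
    constexpr double twoTo64 = 18446744073709551616.0;
    if (!(scaled < twoTo64)) // also rejects NaN
        return std::nullopt;
    return static_cast<uint64_t>(scaled); // in range, so well defined
}

int main()
{
    // Constructed sample inputs: a small value, 2^53 + 1, a value whose
    // exact 1.25x result is UINT64_MAX, and UINT64_MAX itself.
    const uint64_t samples[] = { 1000, 9007199254740993ULL,
        14757395258967641292ULL, std::numeric_limits<uint64_t>::max() };
    for (uint64_t n : samples) {
        auto a = growByQuarterInteger(n);
        auto b = growByQuarterDouble(n);
        std::printf("%llu: integer=%llu%s double=%llu%s\n",
            static_cast<unsigned long long>(n),
            static_cast<unsigned long long>(a.value_or(0)), a ? "" : " (overflow)",
            static_cast<unsigned long long>(b.value_or(0)), b ? "" : " (overflow)");
    }
    return 0;
}
```

For 2^53 + 1 the double path is off by one, and for the third sample it reports overflow although the exact result still fits in 64 bits.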