[Webkit-unassigned] [Bug 230744] New: Length is incorrectly memcpy'ied over

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 24 01:50:52 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=230744

            Bug ID: 230744
           Summary: Length is incorrectly memcpy'ied over
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: kkinnunen at apple.com
            Blocks: 230743

Length is incorrectly memcpy'ied over

The implementation implements copy constructors and operators as memcpys.
This is not ok as the type is not trivially copyable.

The IPC encoding and decoding just memcpys the memory over to other process.
This is not ok as the type is not trivially copyable.
This is not ok if "calculated" types are copied, as that results in wrong decoding.


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=230743
[Bug 230743] IPC SimpleArgumentEncoder should static_assert(std::is_trivially_copyable<T>)
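
Added example, not part of the original report and not WebKit code: a C++ sketch of the failure mode described above and of the static_assert guard named in bug 230743. ToyLength, calcTable, encodeSimple, encodeLength and refCountAfterCopy are hypothetical names, and refusing to encode a calculated value is an assumption made for the sketch.

```cpp
#include <cstddef>
#include <cstring>
#include <map>
#include <type_traits>

// Constructed stand-in for a per-process table: handle -> reference count.
static std::map<unsigned, int>& calcTable() { static std::map<unsigned, int> t; return t; }

// Hypothetical length type: a plain number, or a handle that only has
// meaning in the process that owns calcTable().
class ToyLength {
public:
    explicit ToyLength(float v) : m_value(v) {}
    ToyLength(unsigned handle, bool) : m_handle(handle), m_isCalculated(true) { ref(); }
    ToyLength(const ToyLength& o) : m_value(o.m_value), m_handle(o.m_handle), m_isCalculated(o.m_isCalculated) { ref(); }
    ToyLength& operator=(const ToyLength& o) {
        o.ref(); deref();  // take the new reference first so self-assignment is safe
        m_value = o.m_value; m_handle = o.m_handle; m_isCalculated = o.m_isCalculated;
        return *this;
    }
    ~ToyLength() { deref(); }
    bool isCalculated() const { return m_isCalculated; }
    float value() const { return m_value; }
private:
    void ref() const { if (m_isCalculated) calcTable()[m_handle]++; }
    void deref() const { if (m_isCalculated && --calcTable()[m_handle] == 0) calcTable().erase(m_handle); }
    float m_value { 0.0f };
    unsigned m_handle { 0 };
    bool m_isCalculated { false };
};

// Byte-copy encoder that rejects unsuitable types at compile time.
template<typename T> std::size_t encodeSimple(unsigned char* out, const T& v) {
    static_assert(std::is_trivially_copyable<T>::value, "byte-copy encoding needs a trivially copyable T");
    std::memcpy(out, &v, sizeof(T));
    return sizeof(T);
}

// Field-wise encoder: sends only the number, refuses process-local handles.
bool encodeLength(const ToyLength& l, unsigned char* out) {
    if (l.isCalculated()) return false;
    float wire = l.value();
    return encodeSimple(out, wire) == sizeof(float);
}

// Reference count of handle 7 after duplicating a calculated length by raw
// bytes (what a memcpy-based copy does) or through the copy constructor.
int refCountAfterCopy(bool rawBytes) {
    ToyLength a(7u, true);
    unsigned char bytes[sizeof(ToyLength)];
    if (rawBytes) { std::memcpy(bytes, static_cast<const void*>(&a), sizeof(ToyLength)); return calcTable()[7]; }
    ToyLength b(a);
    return calcTable()[7];
}
```

Calling encodeSimple with a ToyLength fails to compile, which is the point of the guard: the raw byte copy leaves the reference count at 1, so the copied bytes carry a handle nobody owns and that means nothing in another process.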