Title: [275140] trunk/Source/WTF
- Revision: 275140
- Author: [email protected]
- Date: 2021-03-27 14:05:23 -0700 (Sat, 27 Mar 2021)
Log Message
wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WebCore::Style::RuleFeature'
https://bugs.webkit.org/show_bug.cgi?id=223828
Reviewed by David Kilzer.
Fix issue found by UBSan in Vector::append(const U*, size_t):
wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WebCore::Style::RuleFeature'
wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WebCore::LayoutRect'
wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WTF::RefPtr<WebCore::CSSStyleSheet, WTF::RawPtrTraits<WebCore::CSSStyleSheet>, WTF::DefaultRefDerefTraits<WebCore::CSSStyleSheet> >'
* wtf/Vector.h:
(WTF::Malloc>::append):
Return early if dataSize is 0. For some call sites, the pointer may be null and dataSize is 0. In such cases,
we should just return early instead of proceeding and using the null pointer. I believe this can happen if
you call Vector::appendVector() with an empty Vector for example.
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (275139 => 275140)
--- trunk/Source/WTF/ChangeLog 2021-03-27 20:57:15 UTC (rev 275139)
+++ trunk/Source/WTF/ChangeLog 2021-03-27 21:05:23 UTC (rev 275140)
@@ -1,3 +1,21 @@
+2021-03-27 Chris Dumez <[email protected]>
+
+ wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WebCore::Style::RuleFeature'
+ https://bugs.webkit.org/show_bug.cgi?id=223828
+
+ Reviewed by David Kilzer.
+
+ Fix issue found by UBSan in Vector::append(const U*, size_t):
+ wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WebCore::Style::RuleFeature'
+ wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WebCore::LayoutRect'
+ wtf/Vector.h:1276:88: runtime error: reference binding to null pointer of type 'const WTF::RefPtr<WebCore::CSSStyleSheet, WTF::RawPtrTraits<WebCore::CSSStyleSheet>, WTF::DefaultRefDerefTraits<WebCore::CSSStyleSheet> >'
+
+ * wtf/Vector.h:
+ (WTF::Malloc>::append):
+ Return early if dataSize is 0. For some call sites, the pointer may be null and dataSize is 0. In such cases,
+ we should just return early instead of proceeding and using the null pointer. I believe this can happen if
+ you call Vector::appendVector() with an empty Vector for example.
+
2021-03-26 Chris Dumez <[email protected]>
REGRESSION (r275038?): Perf test IndexedDB/stress/large-binary-keys.html failing with logging about memory pressure events
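Review bot: the function name in the new ChangeLog entry, `(WTF::Malloc>::append):`, is truncated; the template argument list of `Vector<T, inlineCapacity, OverflowHandler, minCapacity, Malloc>::append` has been cut down to its last parameter, so the entry does not identify the method being changed. Suggest writing it out as `(WTF::Vector<T, inlineCapacity, OverflowHandler, minCapacity, Malloc>::append):`, or at least `(WTF::Vector::append):`, so it matches the overload named in the description, `Vector::append(const U*, size_t)`.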
Modified: trunk/Source/WTF/wtf/Vector.h (275139 => 275140)
--- trunk/Source/WTF/wtf/Vector.h 2021-03-27 20:57:15 UTC (rev 275139)
+++ trunk/Source/WTF/wtf/Vector.h 2021-03-27 21:05:23 UTC (rev 275140)
@@ -1256,6 +1256,9 @@
ALWAYS_INLINE bool Vector<T, inlineCapacity, OverflowHandler, minCapacity, Malloc>::append(const U* data, size_t dataSize)
{
static_assert(action == FailureAction::Crash || action == FailureAction::Report);
+ if (!dataSize)
+ return true;
+
size_t newSize = m_size + dataSize;
if (newSize > capacity()) {
data = "" data);
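Review bot: the new early return `if (!dataSize) return true;` carries no comment saying why it exists; since `data` may legitimately be null when `dataSize` is 0 (which is the whole point of the fix), a later reader could mistake it for a redundant fast path and drop it, reintroducing the null reference binding UBSan reported. Suggest a one-line comment next to the check, along the lines of `// data may be null when dataSize is 0; do not touch it.` Returning `true` is the right value under both `FailureAction::Crash` and `FailureAction::Report`, since nothing is appended and no allocation can fail, and placing the check before `newSize` is computed also keeps an empty append from going through `expandCapacity`.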
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes