Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0aa654672af463701ce4b6c7abcecfab18009058
https://github.com/WebKit/WebKit/commit/0aa654672af463701ce4b6c7abcecfab18009058
Author: Mark Lam <[email protected]>
Date: 2024-10-29 (Tue, 29 Oct 2024)
Changed paths:
M Source/JavaScriptCore/heap/HeapSnapshotBuilder.cpp
M Source/JavaScriptCore/heap/HeapSnapshotBuilder.h
M Source/JavaScriptCore/jsc.cpp
M Source/WTF/wtf/text/StringBuilderJSON.cpp
Log Message:
-----------
Update length check in appendQuotedJSONString to align with String's max length.
https://bugs.webkit.org/show_bug.cgi?id=281873
rdar://138178439
Reviewed by Keith Miller and Michael Saboff.
`appendQuotedJSONString` currently utilizes a `CheckedUint32`. However, String's
maximum length is MAX_INT, which is the bounds of an `Int32`. Thus, we should
use `CheckedInt32` so that we don't try to create a String that is too long.
Also enhanced HeapSnapshotBuilder to allow customization of how it reacts when it
encounters an imminent overflow by specifying an OverflowAction at construction
time. We then apply OverflowAction::RecordOverflow to the jsc shell's use of
HeapSnapshotBuilder so that it can throw an OOME instead of crashing when imminent
overflow is detected while constructing the HeapSnapshot.

This will unblock fuzzers that fuzz with the jsc shell's HeapSnapshot functions
though they shouldn't, and thereby avoids a crash.

The appendQuotedJSONString change was originally provided by Daniel Liu.
* Source/JavaScriptCore/heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::HeapSnapshotBuilder):
(JSC::HeapSnapshotBuilder::json):
* Source/JavaScriptCore/heap/HeapSnapshotBuilder.h:
* Source/JavaScriptCore/jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* Source/WTF/wtf/text/StringBuilderJSON.cpp:
(WTF::StringBuilder::appendQuotedJSONString):
Canonical link: https://commits.webkit.org/285840@main
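The bug class the commit describes, bounding a length computation by the accumulator's integer range instead of by the consumer's real cap, is easy to see with a small model. The example below is added here and is not WebKit code: `CheckedLength` is a hypothetical stand-in for WTF's `Checked<>` types, the byte-oriented quoting is a simplification of `appendQuotedJSONString` (real WTF Strings are UTF-16 code units), and the limits are the two bounds named in the commit message (`INT32_MAX` for String's max length, `UINT32_MAX` for what a `CheckedUint32` would tolerate). `wouldFitQuoted` projects the total for inputs too large to materialize, so the comparison at the 2 GiB boundary can be run in a test.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <string_view>

// Added example, not WebKit code. Models the length pre-check the commit
// describes: a quoted-JSON append must bound its output by String's max
// length (INT32_MAX), not by the range of the accumulator's integer type.
constexpr std::uint64_t kInt32Max  = 0x7fffffffULL;   // String's max length
constexpr std::uint64_t kUint32Max = 0xffffffffULL;   // what a CheckedUint32 bounds

// Simplified stand-in for WTF's Checked<> (hypothetical, not the real class):
// saturating accumulator that latches an overflow flag once the running
// total would exceed Limit. Invariant: value <= Limit unless overflowed.
template <std::uint64_t Limit>
struct CheckedLength {
    std::uint64_t value = 0;
    bool overflowed = false;

    void add(std::uint64_t n) {
        if (overflowed || n > Limit - value) { overflowed = true; return; }
        value += n;
    }
    // Add n * times without ever forming a product that could wrap.
    void addRepeated(std::uint64_t n, std::uint64_t times) {
        if (times == 0) return;
        if (overflowed || n > (Limit - value) / times) { overflowed = true; return; }
        value += n * times;
    }
};

// Output bytes one input byte expands to when escaped as a JSON string:
// 1 (plain), 2 (\" \\ \b \f \n \r \t) or 6 (\u00XX for other control bytes).
constexpr std::uint64_t quotedJSONExpansion(char c) {
    switch (c) {
    case '"': case '\\': case '\b': case '\f': case '\n': case '\r': case '\t':
        return 2;
    default:
        return static_cast<unsigned char>(c) < 0x20 ? 6 : 1;
    }
}

// Append `input` to `out` as a quoted JSON string literal. The length is
// checked before any byte is written; on overflow `out` is left untouched
// and false is returned, so the caller can report OOM rather than build a
// string longer than the cap.
template <std::uint64_t Limit>
bool appendQuotedJSON(std::string& out, std::string_view input) {
    CheckedLength<Limit> len;
    len.add(out.size());
    len.add(2);                                   // the two quote characters
    for (char c : input) len.add(quotedJSONExpansion(c));
    if (len.overflowed) return false;

    out.push_back('"');
    for (char c : input) {
        switch (c) {
        case '"':  out += "\\\""; break;
        case '\\': out += "\\\\"; break;
        case '\b': out += "\\b";  break;
        case '\f': out += "\\f";  break;
        case '\n': out += "\\n";  break;
        case '\r': out += "\\r";  break;
        case '\t': out += "\\t";  break;
        default:
            if (static_cast<unsigned char>(c) < 0x20) {
                char buf[8];
                std::snprintf(buf, sizeof buf, "\\u%04x", static_cast<unsigned char>(c));
                out += buf;
            } else {
                out.push_back(c);
            }
        }
    }
    out.push_back('"');
    return true;
}

// Projected check for inputs too large to materialize: would a builder
// already holding `existingLength` bytes still fit `count` copies of `c`
// once quoted? This lets the two bounds be compared at the ~2 GiB boundary.
template <std::uint64_t Limit>
bool wouldFitQuoted(std::uint64_t existingLength, std::uint64_t count, char c) {
    CheckedLength<Limit> len;
    len.add(existingLength);
    len.add(2);
    len.addRepeated(quotedJSONExpansion(c), count);
    return !len.overflowed;
}

int main() {
    // Builder already near INT32_MAX, appending 100 newlines (2 bytes each):
    // total 2147483834 > INT32_MAX. The uint32-bounded check still passes it.
    std::printf("uint32 bound accepts: %d\n", wouldFitQuoted<kUint32Max>(0x7ffffff0ULL, 100, '\n'));
    std::printf("int32 bound accepts:  %d\n", wouldFitQuoted<kInt32Max>(0x7ffffff0ULL, 100, '\n'));
    return 0;
}
```

The point of the pair of `wouldFitQuoted` calls is that the uint32-bounded accumulator never overflows on the way to 2147483834, so nothing downstream is told to stop; only a check against the consumer's actual cap catches it. The same `appendQuotedJSON` template with a tiny `Limit` exercises the refuse-and-leave-untouched path without needing gigabytes of input.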
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes