bc6e57953c
https://bugs.webkit.org/show_bug.cgi?id=224840 Patch by Ian Gilbert <iang@apple.com> on 2021-04-20 Reviewed by Sam Weinig. Source/WebKit: Vector decoder could attempt to allocate a large buffer and on failure would crash. Changed decode to avoid allocating a Vector based on the decoded size. Test: ipc/large-vector-allocate-failure-crash.html * Shared/Cocoa/WebCoreArgumentCodersCocoa.mm: (IPC::ArgumentCoder<Vector<RefPtr<ApplePayError>>>::decode): LayoutTests: Added a regression test. * ipc/large-vector-allocate-failure-crash-expected.txt: Added. * ipc/large-vector-allocate-failure-crash.html: Added. Canonical link: https://commits.webkit.org/236819@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276341 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
||
|---|---|---|
| .. | ||
| analytics-logger-crash-expected.txt | ||
| analytics-logger-crash.html | ||
| argument-coders-crash-expected.txt | ||
| argument-coders-crash.html | ||
| decode-object-array-crash-expected.txt | ||
| decode-object-array-crash.html | ||
| large-vector-allocate-failure-crash-expected.txt | ||
| large-vector-allocate-failure-crash.html | ||
| pasteboard-write-custom-data-expected.txt | ||
| pasteboard-write-custom-data.html | ||
| set-text-indicator-expected.txt | ||
| set-text-indicator.html | ||
| web-authenticator-get-assertion-expected.txt | ||
| web-authenticator-get-assertion.html | ||