Title: [238798] trunk/Source/WebKit
- Revision
- 238798
- Author
- da...@apple.com
- Date
- 2018-12-03 09:16:03 -0800 (Mon, 03 Dec 2018)
Log Message
Alignment padding needs to be zeroed out in IPC::Encoder
https://bugs.webkit.org/show_bug.cgi?id=192304
Reviewed by Chris Dumez.
Might be useful to make a regression test for this, but I couldn't find any
other tests for this code.
* Platform/IPC/Encoder.cpp:
(IPC::Encoder::grow): Use std::memset to zero-fill padding bytes.
* UIProcess/mac/LegacySessionStateCoding.cpp:
(WebKit::HistoryEntryDataEncoder::grow): Ditto.
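The defect this change fixes, as an added example that is not WebKit's code: a hypothetical ToyEncoder whose grow() has the same shape as IPC::Encoder::grow(), with a reserve() that fills newly obtained bytes with a 0xAA marker to stand in for uninitialized memory. stalePaddingBytes() encodes a 1-byte field followed by a 4-byte-aligned field and counts how many of the three padding bytes would leave the process unwritten.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-in for the encoder's growable buffer; not WebKit's code.
// reserve() fills newly obtained bytes with 0xAA to stand in for whatever a
// real allocator leaves behind in uninitialized memory.
class ToyEncoder {
public:
    explicit ToyEncoder(bool zeroPadding) : m_zeroPadding(zeroPadding) {}
    // Same shape as Encoder::grow(): align the current end of the buffer, then
    // append `size` bytes and return a pointer to them for the caller to fill.
    uint8_t* grow(size_t alignment, size_t size) {
        size_t alignedSize = roundUpToAlignment(m_bufferSize, alignment);
        reserve(alignedSize + size);
        if (m_zeroPadding) // the fix from the change: zero only the padding bytes
            std::memset(m_buffer.data() + m_bufferSize, 0, alignedSize - m_bufferSize);
        m_bufferSize = alignedSize + size;
        return m_buffer.data() + alignedSize;
    }

    const std::vector<uint8_t>& bytes() const { return m_buffer; }
private:
    static size_t roundUpToAlignment(size_t value, size_t alignment) {
        return (value + alignment - 1) & ~(alignment - 1);
    }
    void reserve(size_t newSize) {
        if (newSize > m_buffer.size())
            m_buffer.resize(newSize, 0xAA); // constructed "stale" memory contents
    }
    std::vector<uint8_t> m_buffer;
    size_t m_bufferSize = 0;
    bool m_zeroPadding;
};

// Encode a 1-byte flag followed by a 4-byte-aligned uint32_t and count how many of
// the three padding bytes (offsets 1..3) still carry the stale 0xAA marker.
size_t stalePaddingBytes(bool zeroPadding) {
    ToyEncoder encoder(zeroPadding);
    *encoder.grow(1, 1) = 0x01;
    uint32_t value = 0x11223344;
    std::memcpy(encoder.grow(alignof(uint32_t), sizeof(value)), &value, sizeof(value));
    size_t stale = 0;
    for (size_t i = 1; i < 4; ++i)
        if (encoder.bytes()[i] == 0xAA) ++stale;
    return stale; // 3 without the memset, 0 with it
}
```

Every one of those stale bytes is data the sending process never meant to put in the message, which is why the fix zero-fills exactly the padding region and nothing else.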
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (238797 => 238798)
--- trunk/Source/WebKit/ChangeLog 2018-12-03 16:45:42 UTC (rev 238797)
+++ trunk/Source/WebKit/ChangeLog 2018-12-03 17:16:03 UTC (rev 238798)
@@ -1,5 +1,21 @@
2018-12-03 Darin Adler <da...@apple.com>
+ Alignment padding needs to be zeroed out in IPC::Encoder
+ https://bugs.webkit.org/show_bug.cgi?id=192304
+
+ Reviewed by Chris Dumez.
+
+ Might be useful to make a regression test for this, but I couldn't find any
+ other tests for this code.
+
+ * Platform/IPC/Encoder.cpp:
+ (IPC::Encoder::grow): Use std::memset to zero-fill padding bytes.
+
+ * UIProcess/mac/LegacySessionStateCoding.cpp:
+ (WebKit::HistoryEntryDataEncoder::grow): Ditto.
+
+2018-12-03 Darin Adler <da...@apple.com>
+
[Cocoa] Streamline sandbox code a tiny bit
https://bugs.webkit.org/show_bug.cgi?id=192299
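Review bot: the entry says no regression test was added; a unit test that encodes a 1-byte value followed by a 4-byte-aligned value and asserts that the three padding bytes in the resulting buffer are zero would cover both grow() changes and keep the fix from regressing silently.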
Modified: trunk/Source/WebKit/Platform/IPC/Encoder.cpp (238797 => 238798)
--- trunk/Source/WebKit/Platform/IPC/Encoder.cpp 2018-12-03 16:45:42 UTC (rev 238797)
+++ trunk/Source/WebKit/Platform/IPC/Encoder.cpp 2018-12-03 17:16:03 UTC (rev 238798)
@@ -168,6 +168,8 @@
size_t alignedSize = roundUpToAlignment(m_bufferSize, alignment);
reserve(alignedSize + size);
+ std::memset(m_buffer + m_bufferSize, 0, alignedSize - m_bufferSize);
+
m_bufferSize = alignedSize + size;
m_bufferPointer = m_buffer + alignedSize + size;
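Review bot: the hunk introduces std::memset but adds no `#include <cstring>`; if Encoder.cpp picks that header up transitively, include it explicitly so the build does not depend on header ordering. The ordering itself is right: the memset runs after reserve(), so it writes into the possibly reallocated buffer, and when m_bufferSize is already aligned the length is zero and the call is a no-op.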
Modified: trunk/Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp (238797 => 238798)
--- trunk/Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp 2018-12-03 16:45:42 UTC (rev 238797)
+++ trunk/Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp 2018-12-03 17:16:03 UTC (rev 238798)
@@ -220,6 +220,8 @@
growCapacity(alignedSize + size);
+ std::memset(m_buffer.get() + m_bufferSize, 0, alignedSize - m_bufferSize);
+
m_bufferSize = alignedSize + size;
m_bufferPointer = m_buffer.get() + m_bufferSize;
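Review bot: same include question as in Encoder.cpp, since this hunk also adds std::memset without a corresponding `#include <cstring>`. Placing the memset after growCapacity() is correct here too, as m_buffer.get() may point at a fresh allocation after growth; only the padding bytes between the old m_bufferSize and alignedSize are zeroed, and the trailing `size` bytes are still left for the caller to fill.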
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes