Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b386e6352b372656f14966dce0a91e08f878921e
      
https://github.com/WebKit/WebKit/commit/b386e6352b372656f14966dce0a91e08f878921e
  Author: Mark Lam <[email protected]>
  Date:   2025-09-06 (Sat, 06 Sep 2025)

  Changed paths:
    M Source/bmalloc/bmalloc/TZoneHeapManager.cpp

  Log Message:
  -----------
  TZoneHeapManager::init() should use CC_SHA256_DIGEST_LENGTH for its CC_SHA256 seed size.
https://bugs.webkit.org/show_bug.cgi?id=298479
rdar://159973958

Reviewed by Yijia Huang and Yusuke Suzuki.

CC_SHA256_DIGEST_LENGTH is 32 bytes in size. It was previously allocating CC_SHA1_DIGEST_LENGTH, which is 20 bytes in size. This is a theoretical OOB write bug. However, disassembly of the function shows that this bug is benign: the extra 12 bytes of stack memory written to by CC_SHA256 is unused. Regardless, we'll fix this.

Also fixed the following:

1. The 2nd while loop for computing m_tzoneKeySeed was checking:
       while (remainingBytes > sizeof(m_tzoneKeySeed))
   ... but should be checking:
       while (remainingBytes)

   This is because it is intended to drain the remaining bytes in the defaultSeed that don't fit in sizeof(m_tzoneKeySeed).

2. Fixed the initialization of defaultSeed for !BOS(DARWIN) ports. This code would not have compiled previously, but no other ports were using TZone yet and hence did not fail on this.

* Source/bmalloc/bmalloc/TZoneHeapManager.cpp:
(bmalloc::api::TZoneHeapManager::init):

Canonical link: https://commits.webkit.org/299666@main
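The two defects described in the commit message, as an added illustration that is not WebKit's code: a digest buffer sized for SHA-1 is 12 bytes short of a SHA-256 output, and the old drain condition `while (remainingBytes > sizeof(seed))` stops early and leaves trailing digest bytes unused. The 8-byte seed width, the constructed digest bytes and the XOR folding scheme are assumptions for the demonstration, not bmalloc's actual logic; CommonCrypto's constants are replaced by local stand-ins so the program builds off Darwin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for CommonCrypto's constants (the real header is Darwin-only). */
#define SHA1_DIGEST_LENGTH   20
#define SHA256_DIGEST_LENGTH 32

/* A buffer sized like the pre-fix code would be overrun by exactly 12 bytes. */
_Static_assert(SHA256_DIGEST_LENGTH - SHA1_DIGEST_LENGTH == 12,
               "SHA-256 overruns a SHA-1 sized buffer by 12 bytes");

typedef uint64_t KeySeed; /* assumed seed width; only its ratio to the digest matters */

/* Constructed 32-byte digest stand-in (not a real SHA-256 output). */
static const uint8_t kSampleDigest[SHA256_DIGEST_LENGTH] = {
     1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15, 16,
    17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 };

/* Fold a digest into the seed: copy the first sizeof(seed) bytes, then drain the
   rest by XORing each remaining byte into the seed (assumed scheme). `fixed` picks
   the corrected loop condition, while (remainingBytes), over the old one,
   while (remainingBytes > sizeof(seed)). Returns the digest bytes consumed. */
static size_t foldDigestIntoSeed(const uint8_t* digest, size_t digestLen,
                                 KeySeed* seed, int fixed)
{
    uint8_t* out = (uint8_t*)seed;
    size_t consumed = digestLen < sizeof(*seed) ? digestLen : sizeof(*seed);
    size_t remainingBytes = digestLen - consumed;
    memcpy(out, digest, consumed);
    while (fixed ? remainingBytes != 0 : remainingBytes > sizeof(*seed)) {
        out[consumed % sizeof(*seed)] ^= digest[consumed];
        consumed++;
        remainingBytes--;
    }
    return consumed;
}

/* Runs either variant on the sample digest and reports bytes consumed. */
size_t consumedBytes(int fixed)
{
    KeySeed seed = 0;
    return foldDigestIntoSeed(kSampleDigest, SHA256_DIGEST_LENGTH, &seed, fixed);
}

int main(void)
{
    printf("old condition consumes %zu of %d digest bytes\n", consumedBytes(0), SHA256_DIGEST_LENGTH);
    printf("fixed condition consumes %zu of %d digest bytes\n", consumedBytes(1), SHA256_DIGEST_LENGTH);
    return 0;
}
```

With an 8-byte seed the old condition stops once 8 bytes remain, consuming 24 of 32, while the fixed condition drains all 32.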


