Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(25)

Issue 1677363002: Change assert to release assert for WTF::double_conversion::Vector to prevent OOB memory access. (Closed)

Created:
4 years ago by mmoroz
Modified:
4 years ago
CC:
chromium-reviews, blink-reviews, blink-reviews-wtf_chromium.org, Mikhail
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Change assert to release assert for WTF::double_conversion::Vector to prevent OOB memory access. R=inferno@chromium.org, mbarbella@chromium.org, ochang@chromium.org, tkent@chromium.org BUG=574802 Committed: https://crrev.com/ad618c3357e189fb685ea88fe4b8b25ac34f2c75 Cr-Commit-Position: refs/heads/master@{#374424}

Patch Set 1 #

Total comments: 2

Patch Set 2 : fix comment #

Unified diffs Side-by-side diffs Delta from patch set Stats (+2 lines, -2 lines) Patch
M third_party/WebKit/Source/wtf/dtoa/utils.h View 1 1 chunk +2 lines, -2 lines 0 comments Download

Messages

Total messages: 15 (3 generated)
mmoroz
4 years ago (2016-02-09 01:27:27 UTC) #1
Oliver Chang
lgtm
4 years ago (2016-02-09 01:29:08 UTC) #2
tkent
Can we remove this Vector and use WTF::Vector?
4 years ago (2016-02-09 01:31:13 UTC) #3
mmoroz
On 2016/02/09 01:31:13, tkent wrote: > Can we remove this Vector and use WTF::Vector? As ...
4 years ago (2016-02-09 01:55:33 UTC) #4
tkent
anyway, this is trivial. lgtm
4 years ago (2016-02-09 04:22:20 UTC) #5
inferno
lgtm https://codereview.chromium.org/1677363002/diff/1/third_party/WebKit/Source/wtf/dtoa/utils.h File third_party/WebKit/Source/wtf/dtoa/utils.h (right): https://codereview.chromium.org/1677363002/diff/1/third_party/WebKit/Source/wtf/dtoa/utils.h#newcode166 third_party/WebKit/Source/wtf/dtoa/utils.h:166: // Access individual vector elements - checks bounds ...
4 years ago (2016-02-09 04:30:13 UTC) #6
mmoroz
Thanks! https://codereview.chromium.org/1677363002/diff/1/third_party/WebKit/Source/wtf/dtoa/utils.h File third_party/WebKit/Source/wtf/dtoa/utils.h (right): https://codereview.chromium.org/1677363002/diff/1/third_party/WebKit/Source/wtf/dtoa/utils.h#newcode166 third_party/WebKit/Source/wtf/dtoa/utils.h:166: // Access individual vector elements - checks bounds ...
4 years ago (2016-02-09 16:50:55 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1677363002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1677363002/20001
4 years ago (2016-02-09 16:52:06 UTC) #10
commit-bot: I haz the power
Committed patchset #2 (id:20001)
4 years ago (2016-02-09 18:50:43 UTC) #11
commit-bot: I haz the power
Patchset 2 (id:??) landed as https://crrev.com/ad618c3357e189fb685ea88fe4b8b25ac34f2c75 Cr-Commit-Position: refs/heads/master@{#374424}
4 years ago (2016-02-09 18:51:42 UTC) #13
mmoroz
On 2016/02/09 18:51:42, commit-bot: I haz the power wrote: > Patchset 2 (id:??) landed as ...
4 years ago (2016-02-09 18:52:31 UTC) #14
inferno
4 years ago (2016-02-14 16:55:13 UTC) #15
Message was sent while issue was closed.
A revert of this CL (patchset #2 id:20001) has been created in
https://codereview.chromium.org/1694093002/ by inferno@chromium.org.

The reason for reverting is: Perf failures. Speculative revert to see if it
fixes.

BUG=586581,574802.

Powered by Google App Engine
This is Rietveld 408576698