Chromium Code Reviews

Issue 2520053003: Fix out-of-range access in unibrow::Utf8::CalculateValue. (Closed)

Created:
4 years, 1 month ago by jbroman
Modified:
4 years, 1 month ago
Reviewers:
vogelheim
CC:
v8-reviews_googlegroups.com
Target Ref:
refs/pending/heads/master
Project:
v8
Visibility:
Public.

Description

Fix out-of-range access in unibrow::Utf8::CalculateValue.

This code should not access bytes out of the permitted range in order to check the range of a possible UTF-8 value. Instead, the length check should occur before such checks.

BUG=chromium:667260, chromium:662822

Committed: https://crrev.com/9d524bd33dd2e8d861128499b1ffa3b3c6377628
Cr-Commit-Position: refs/heads/master@{#41165}
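A decoder written in the shape the description calls for, added here as an illustration and not V8's unibrow::Utf8::CalculateValue: the buffer length is checked before any continuation byte is read, so a truncated sequence is reported as bad without touching memory past the end. DecodeOne, DecodeAll and kBadChar are assumed names.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Sentinel for malformed or truncated sequences (assumed name, not V8's).
constexpr uint32_t kBadChar = 0xFFFD;

// Decodes one UTF-8 sequence starting at bytes[*cursor], bounded by `length`,
// and advances *cursor past the bytes consumed. Continuation bytes are only
// inspected after the length check has established that they exist.
uint32_t DecodeOne(const uint8_t* bytes, size_t length, size_t* cursor) {
  size_t pos = *cursor;
  if (pos >= length) return kBadChar;
  uint8_t lead = bytes[pos];
  if (lead < 0x80) { *cursor = pos + 1; return lead; }  // ASCII

  size_t count;        // total bytes in the sequence, lead included
  uint32_t min_value;  // smallest code point that needs this many bytes
  uint32_t value;
  if ((lead & 0xE0) == 0xC0) { count = 2; min_value = 0x80; value = lead & 0x1F; }
  else if ((lead & 0xF0) == 0xE0) { count = 3; min_value = 0x800; value = lead & 0x0F; }
  else if ((lead & 0xF8) == 0xF0) { count = 4; min_value = 0x10000; value = lead & 0x07; }
  else { *cursor = pos + 1; return kBadChar; }  // stray continuation or invalid lead

  // Length check first: the remaining buffer must hold every continuation
  // byte before any of them is read. This is the ordering the fix establishes.
  if (length - pos < count) { *cursor = length; return kBadChar; }

  for (size_t i = 1; i < count; ++i) {
    uint8_t cont = bytes[pos + i];
    if ((cont & 0xC0) != 0x80) { *cursor = pos + i; return kBadChar; }
    value = (value << 6) | (cont & 0x3F);
  }
  *cursor = pos + count;
  // Reject overlong encodings, UTF-16 surrogates and values above U+10FFFF.
  if (value < min_value || (value >= 0xD800 && value <= 0xDFFF) || value > 0x10FFFF) {
    return kBadChar;
  }
  return value;
}

// Decodes a whole buffer, one code point per sequence (or kBadChar).
std::vector<uint32_t> DecodeAll(const std::vector<uint8_t>& in) {
  std::vector<uint32_t> out;
  size_t cursor = 0;
  while (cursor < in.size()) out.push_back(DecodeOne(in.data(), in.size(), &cursor));
  return out;
}
```

Running a test binary built from this under AddressSanitizer is the natural way to confirm the "not enough continuation bytes" cases no longer read past the buffer.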

Patch Set 1 #

Total comments: 6
Stats (+52 lines, -14 lines)

M src/unicode.cc: 1 chunk, +9 lines, -13 lines, 1 comment
M src/unicode-decoder.h: 1 chunk, +2 lines, -1 line, 2 comments
M test/unittests/BUILD.gn: 1 chunk, +1 line, -0 lines, 0 comments
A test/unittests/unicode-unittest.cc: 1 chunk, +39 lines, -0 lines, 3 comments
M test/unittests/unittests.gyp: 1 chunk, +1 line, -0 lines, 0 comments

Messages

Total messages: 16 (10 generated)
jbroman
https://codereview.chromium.org/2520053003/diff/1/src/unicode-decoder.h File src/unicode-decoder.h (right): https://codereview.chromium.org/2520053003/diff/1/src/unicode-decoder.h#newcode10 src/unicode-decoder.h:10: #include "src/utils.h" MemCopy is used in this file. https://codereview.chromium.org/2520053003/diff/1/src/unicode-decoder.h#newcode14 ...
4 years, 1 month ago (2016-11-22 00:25:04 UTC) #4
vogelheim
lgtm Thanks! I really like that this makes the code more readable, too. :-) https://codereview.chromium.org/2520053003/diff/1/test/unittests/unicode-unittest.cc ...
4 years, 1 month ago (2016-11-22 09:25:53 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2520053003/1
4 years, 1 month ago (2016-11-22 09:26:03 UTC) #10
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 1 month ago (2016-11-22 09:27:48 UTC) #13
commit-bot: I haz the power
Patchset 1 (id:??) landed as https://crrev.com/9d524bd33dd2e8d861128499b1ffa3b3c6377628 Cr-Commit-Position: refs/heads/master@{#41165}
4 years, 1 month ago (2016-11-22 09:28:10 UTC) #15
jbroman
4 years, 1 month ago (2016-11-22 12:40:44 UTC) #16
Message was sent while issue was closed.
https://codereview.chromium.org/2520053003/diff/1/test/unittests/unicode-unit...
File test/unittests/unicode-unittest.cc (right):

https://codereview.chromium.org/2520053003/diff/1/test/unittests/unicode-unit...
test/unittests/unicode-unittest.cc:31: // Not enough continuation bytes before string ends.
On 2016/11/22 at 09:25:53, vogelheim wrote:
> On 2016/11/22 00:25:04, jbroman wrote:
> > All of these cases produce AddressSanitizer failures if unittests is run with
> > is_asan=true.
> 
> Err... I take it they would with the original code, but no longer after this
> fix, right?

Yes, of course. :-)
