Chromium Code Reviews

Issue 2819873002: Avoid overflow on left shift in HpackVarintDecoder::Resume(). (Closed)

Created: 3 years, 8 months ago by Bence
Modified: 3 years, 8 months ago
CC: chromium-reviews, cbentzel+watch_chromium.org, bnc+watch_chromium.org, net-reviews_chromium.org
Target Ref: refs/heads/master
Project: chromium
Visibility: Public.

Description

Avoid overflow on left shift in HpackVarintDecoder::Resume().

This CL only changes functionality if |offset_ == MaxOffset()| and |byte != 0| in the last execution of the do loop. In this case, the final value of |offset_| will be different, but this is a private member with no accessor, and has no effect visible to consumers. Also, |value_| will not be incremented in the last cycle, in order to avoid the runtime error that Clusterfuzz filed this bug for. However, in this case decoding fails with kDecodeError, and |value_| is considered invalid anyway.

BUG=698698

Review-Url: https://codereview.chromium.org/2819873002
Cr-Commit-Position: refs/heads/master@{#465235}
Committed: https://chromium.googlesource.com/chromium/src/+/0b38727639f5a7846099709654d065ab4c90239d

Patch Set 1 #

Total comments: 1
M net/http2/hpack/decoder/hpack_varint_decoder.h View 1 chunk +4 lines, -5 lines 1 comment Download
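An added example (not Chromium's code and not part of this CL) of the check the description above explains: the continuation-byte loop of an RFC 7541 section 5.1 integer decoder that tests the offset before shifting. The names `ResumeVarint`, `VarintState`, `Status` and the value 28 for the maximum offset are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical names for illustration; this is not Chromium's decoder class.
enum class Status { kDone, kInProgress, kError };

// Assumption: 28 is the last offset at which a continuation byte may be read.
constexpr uint32_t kMaxOffset = 28;

struct VarintState {
  uint32_t value = 0;   // Caller seeds this with the all-ones prefix value.
  uint32_t offset = 0;  // Shift for the next continuation byte.
};

// Consumes continuation bytes of an RFC 7541 section 5.1 integer. State is
// kept in |st| so decoding can resume when the input is split across buffers.
Status ResumeVarint(VarintState& st, const uint8_t* data, size_t len) {
  size_t i = 0;
  do {
    if (i == len) return Status::kInProgress;
    const uint8_t byte = data[i++];
    // Check before shifting: at the last offset only a zero byte is accepted,
    // so no bits are ever shifted past the top of the 32-bit value.
    if (st.offset == kMaxOffset && byte != 0) break;
    st.value += static_cast<uint32_t>(byte & 0x7f) << st.offset;
    if ((byte & 0x80) == 0) return Status::kDone;
    st.offset += 7;
  } while (st.offset <= kMaxOffset);
  return Status::kError;
}

int main() {
  // Constructed input: 1337 with a 5-bit prefix (RFC 7541, C.1.2) is
  // 0x1f 0x9a 0x0a; the prefix contributes 31, the rest are continuations.
  const uint8_t ok[] = {0x9a, 0x0a};
  VarintState st;
  st.value = 31;
  const Status s = ResumeVarint(st, ok, sizeof ok);
  std::printf("status=%d value=%u\n", static_cast<int>(s),
              static_cast<unsigned>(st.value));
  return 0;
}
```

On an error return the partially accumulated value is left in the state and must be treated as invalid, matching the description's remark about |value_|.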

Messages

Total messages: 17 (9 generated)
Bence
James: PTAL.
3 years, 8 months ago (2017-04-15 00:03:21 UTC) #6
jamessynge
On 2017/04/15 00:03:21, Bence wrote:
> James: PTAL.

LGTM. I'll see if there is an ...
3 years, 8 months ago (2017-04-17 18:19:45 UTC) #7
Bence
James: Thank you for reviewing. xunjieli: please rubber stamp. Thank you.
3 years, 8 months ago (2017-04-17 18:25:09 UTC) #9
xunjieli
https://codereview.chromium.org/2819873002/diff/1/net/http2/hpack/decoder/hpack_varint_decoder.h
File net/http2/hpack/decoder/hpack_varint_decoder.h (right):

https://codereview.chromium.org/2819873002/diff/1/net/http2/hpack/decoder/hpack_varint_decoder.h#newcode98
net/http2/hpack/decoder/hpack_varint_decoder.h:98: if (offset_ == MaxOffset() && byte != 0)
Can ...
3 years, 8 months ago (2017-04-17 20:51:34 UTC) #10
xunjieli
lgtm per offline discussion, changing the shared code is a hassle (might involve a flag ...
3 years, 8 months ago (2017-04-18 13:37:33 UTC) #11
Bence
Thank you.
3 years, 8 months ago (2017-04-18 13:37:56 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2819873002/1
3 years, 8 months ago (2017-04-18 13:38:09 UTC) #14
commit-bot: I haz the power
3 years, 8 months ago (2017-04-18 14:53:05 UTC) #17
Message was sent while issue was closed.
Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/0b38727639f5a7846099709654d0...
