Title: [239309] releases/WebKitGTK/webkit-2.22/Source/WTF
Revision
239309
Author
mcatanz...@igalia.com
Date
2018-12-17 18:03:15 -0800 (Mon, 17 Dec 2018)

Log Message

Merge r239249 - Verify size is valid in USE_SYSTEM_MALLOC version of tryAllocateZeroedVirtualPages
https://bugs.webkit.org/show_bug.cgi?id=192738
rdar://problem/37502342

Reviewed by Mark Lam.

* wtf/Gigacage.cpp:
(Gigacage::tryAllocateZeroedVirtualPages): Added a RELEASE_ASSERT just
like the one in tryLargeZeroedMemalignVirtual in bmalloc.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.22/Source/WTF/ChangeLog (239308 => 239309)


--- releases/WebKitGTK/webkit-2.22/Source/WTF/ChangeLog	2018-12-18 02:03:13 UTC (rev 239308)
+++ releases/WebKitGTK/webkit-2.22/Source/WTF/ChangeLog	2018-12-18 02:03:15 UTC (rev 239309)
@@ -1,3 +1,15 @@
+2018-12-14  Darin Adler  <da...@apple.com>
+
+        Verify size is valid in USE_SYSTEM_MALLOC version of tryAllocateZeroedVirtualPages
+        https://bugs.webkit.org/show_bug.cgi?id=192738
+        rdar://problem/37502342
+
+        Reviewed by Mark Lam.
+
+        * wtf/Gigacage.cpp:
+        (Gigacage::tryAllocateZeroedVirtualPages): Added a RELEASE_ASSERT just
+        like the one in tryLargeZeroedMemalignVirtual in bmalloc.
+
 2018-10-09  Mark Lam  <mark....@apple.com>
 
         StringTypeAdapter constructor is not properly enforcing String::MaxLength.
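
Review bot: The new ChangeLog entry describes the assert only by reference ("just like the one in tryLargeZeroedMemalignVirtual in bmalloc") and never states the condition being checked. Adding a short phrase that says the assert rejects a rounded-up size smaller than the requested size would let a reader of the log understand the fix without opening bmalloc.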

Modified: releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/Gigacage.cpp (239308 => 239309)


--- releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/Gigacage.cpp	2018-12-18 02:03:13 UTC (rev 239308)
+++ releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/Gigacage.cpp	2018-12-18 02:03:15 UTC (rev 239309)
@@ -41,9 +41,10 @@
     return FastMalloc::tryMalloc(size);
 }
 
-void* tryAllocateZeroedVirtualPages(Kind, size_t size)
+void* tryAllocateZeroedVirtualPages(Kind, size_t requestedSize)
 {
-    size = roundUpToMultipleOf(WTF::pageSize(), size);
+    size_t size = roundUpToMultipleOf(WTF::pageSize(), requestedSize);
+    RELEASE_ASSERT(size >= requestedSize);
     void* result = OSAllocator::reserveAndCommit(size);
 #if !ASSERT_DISABLED
     if (result) {
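
Review bot: The line `RELEASE_ASSERT(size >= requestedSize);` carries no comment explaining that it catches `roundUpToMultipleOf(WTF::pageSize(), requestedSize)` wrapping around when `requestedSize` is within a page of the top of the `size_t` range, so the intent is recoverable only from the ChangeLog. A one-line comment above the assert would fix that. Since the function is named `tryAllocateZeroedVirtualPages` and the code just below already allows for a null `result`, that comment should also say why an oversized request aborts here instead of returning null.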