| Backport patch to fix CVE-2017-17821. Refer to |
| https://security-tracker.debian.org/tracker/CVE-2017-17821. |
| |
| Upstream-Status: Backport [https://trac.webkit.org/changeset/232119/webkit] |
| CVE: CVE-2017-17821 |
| |
| Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| |
| From 2a17b15297eb886b0bfb7d098ef607cfad6c3da0 Mon Sep 17 00:00:00 2001 |
| From: "mcatanzaro@igalia.com" |
| <mcatanzaro@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> |
| Date: Wed, 23 May 2018 17:54:01 +0000 |
| Subject: [PATCH] Prohibit shrinking the FastBitVector |
| https://bugs.webkit.org/show_bug.cgi?id=181020 |
| |
| Reviewed by Oliver Hunt. |
| |
| Prohibit shrinking the FastBitVector. It's not prepared for this and the current usage does |
| not require it. |
| |
| * wtf/FastBitVector.cpp: |
| (WTF::FastBitVectorWordOwner::resizeSlow): |
| |
| git-svn-id: http://svn.webkit.org/repository/webkit/trunk@232119 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| --- |
| Source/WTF/wtf/FastBitVector.cpp | 2 ++ |
| 2 files changed, 15 insertions(+) |
| |
| diff --git a/Source/WTF/wtf/FastBitVector.cpp b/Source/WTF/wtf/FastBitVector.cpp |
| index eed316975f4..8b019aaa3ed 100644 |
| --- a/Source/WTF/wtf/FastBitVector.cpp |
| +++ b/Source/WTF/wtf/FastBitVector.cpp |
| @@ -42,6 +42,8 @@ void FastBitVectorWordOwner::setEqualsSlow(const FastBitVectorWordOwner& other) |
| void FastBitVectorWordOwner::resizeSlow(size_t numBits) |
| { |
| size_t newLength = fastBitVectorArrayLength(numBits); |
| + |
| + RELEASE_ASSERT(newLength >= arrayLength()); |
| |
| // Use fastCalloc instead of fastRealloc because we expect the common |
| // use case for this method to be initializing the size of the bitvector. |
| -- |
| 2.17.0 |
| |