Backport patch to fix CVE-2017-17821. Refer to
https://security-tracker.debian.org/tracker/CVE-2017-17821.

Upstream-Status: Backport [https://trac.webkit.org/changeset/232119/webkit]
CVE: CVE-2017-17821

Signed-off-by: Kai Kang <kai.kang@windriver.com>

From 2a17b15297eb886b0bfb7d098ef607cfad6c3da0 Mon Sep 17 00:00:00 2001
From: "mcatanzaro@igalia.com"
 <mcatanzaro@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed, 23 May 2018 17:54:01 +0000
Subject: [PATCH] Prohibit shrinking the FastBitVector
 https://bugs.webkit.org/show_bug.cgi?id=181020

Reviewed by Oliver Hunt.

Prohibit shrinking the FastBitVector. It's not prepared for this and the current usage does
not require it.

* wtf/FastBitVector.cpp:
(WTF::FastBitVectorWordOwner::resizeSlow):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@232119 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 Source/WTF/wtf/FastBitVector.cpp |  2 ++
 2 files changed, 15 insertions(+)

diff --git a/Source/WTF/wtf/FastBitVector.cpp b/Source/WTF/wtf/FastBitVector.cpp
index eed316975f4..8b019aaa3ed 100644
--- a/Source/WTF/wtf/FastBitVector.cpp
+++ b/Source/WTF/wtf/FastBitVector.cpp
@@ -42,6 +42,8 @@ void FastBitVectorWordOwner::setEqualsSlow(const FastBitVectorWordOwner& other)
 void FastBitVectorWordOwner::resizeSlow(size_t numBits)
 {
     size_t newLength = fastBitVectorArrayLength(numBits);
+
+    RELEASE_ASSERT(newLength >= arrayLength());
     
     // Use fastCalloc instead of fastRealloc because we expect the common
     // use case for this method to be initializing the size of the bitvector.
-- 
2.17.0