Bug 17030

Summary: Small buffer overflow within initialization
Product: WebKit
Reporter: Stephan Binner <stbinner>
Component: JavaScriptCore
Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, ddkilzer
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux

Stephan Binner
Reported 2008-01-27 03:46:18 PST
The patch should say enough :-).... --- JavaScriptCore/kjs/date_object.cpp 2008/01/16 12:24:15 1.1 +++ JavaScriptCore/kjs/date_object.cpp 2008/01/16 12:24:21 @@ -908,7 +908,7 @@ // fall back to local timezone if (!haveTZ) { GregorianDateTime t; - memset(&t, 0, sizeof(tm)); + memset(&t, 0, sizeof(t)); t.monthDay = day; t.month = month; t.year = year - 1900;
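Review bot: the `-` line sizes the write by an unrelated type, `memset(&t, 0, sizeof(tm))`, so wherever struct tm is larger than GregorianDateTime (x86_64 Linux, per Comment 2) it writes past the end of t on the stack; `sizeof(t)` is the correct bound, but since GregorianDateTime already zero-initializes its members (Comment 1) the memset can be dropped altogether, here and at the other GregorianDateTime sites that copied the same pattern. The patch also carries no ChangeLog entry, which review requires.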
Attachments
Same as in original post (390 bytes, patch) - 2008-01-27 11:32 PST, Stephan Binner - ap: review-
proposed fix (1.42 KB, patch) - 2008-02-21 22:33 PST, Alexey Proskuryakov - sam: review+
Alexey Proskuryakov
Comment 1 2008-01-27 07:31:10 PST
Wow, thanks for catching this! AFAICT, on the Mac, these structs are the same - is struct tm bigger on Linux? Also, GregorianDateTime is initialized to zero anyway, so we should probably just take out the calls to memset here and elsewhere. Would you be willing to submit this for review as described in <http://webkit.org/coding/contributing.html>?
Stephan Binner
Comment 2 2008-01-27 11:31:21 PST
On x86_64 it is.
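To see the size mismatch the two comments above discuss on your own platform, an added C example (not WebKit code): a constructed stand-in for GregorianDateTime with a canary region behind it, the memset sized by `sizeof(struct tm)` beside the corrected memset sized by the object itself. The struct layout and the 0xA5 canary are assumptions of this harness.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed stand-in for WebKit's GregorianDateTime, not the real class:
 * just the integer fields that the patched memset was meant to zero. */
typedef struct {
    int second, minute, hour, monthDay, month, year, weekDay, yearDay, isDST;
} GregorianDateTime;

/* Harness: a canary region right after t makes an over-long memset visible.
 * In the real bug the extra bytes landed on whatever followed t on the stack. */
typedef struct {
    GregorianDateTime t;
    unsigned char canary[64];  /* larger than any libc's sizeof(struct tm) - 36 */
} Guarded;

static int clobbered_bytes(const Guarded *g) {
    int n = 0;
    for (size_t i = 0; i < sizeof g->canary; i++)
        n += (g->canary[i] != 0xA5);
    return n;
}

/* The '-' line of the hunk: the size of an unrelated type. Returns how many
 * bytes were written past the end of t (0 if struct tm is not larger here). */
int zero_with_sizeof_tm(void) {
    Guarded g;
    memset(g.canary, 0xA5, sizeof g.canary);
    memset(&g.t, 0, sizeof(struct tm));  /* bug: sizeof of the wrong type */
    return clobbered_bytes(&g);
}

/* The '+' line of the hunk: the size of the object actually being zeroed. */
int zero_with_sizeof_object(void) {
    Guarded g;
    memset(g.canary, 0xA5, sizeof g.canary);
    memset(&g.t, 0, sizeof g.t);
    return clobbered_bytes(&g);
}

int main(void) {
    printf("sizeof(struct tm)=%zu, sizeof(GregorianDateTime)=%zu\n",
           sizeof(struct tm), sizeof(GregorianDateTime));
    printf("bytes past t: %d with sizeof(tm), %d with sizeof(t)\n",
           zero_with_sizeof_tm(), zero_with_sizeof_object());
    return 0;
}
```

On glibc x86_64 the difference is 20 bytes (56 versus 36); on a 32-bit ABI with the same struct tm layout it is 8.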
Stephan Binner
Comment 3 2008-01-27 11:32:28 PST
Created attachment 18723: Same as in original post
Alexey Proskuryakov
Comment 4 2008-01-27 12:05:14 PST
Comment on attachment 18723: Same as in original post
Instead of correcting memset usage, we should just remove it (not just here, but all the instances that were mistakenly used for GregorianDateTime initialization). Also, the patch needs a change log.
Alexey Proskuryakov
Comment 5 2008-02-21 22:33:51 PST
Created attachment 19273: proposed fix
Alexey Proskuryakov
Comment 6 2008-02-27 09:14:34 PST
Committed revision 30625.