Bug 190139

Summary:

[WPE] fix buffer over-read in RenderThemeWPE::mediaControlsStyleSheet()

Product:

WebKit

Reporter:

Olivier Blin <olivier.blin>

Component:

WPE WebKit

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bugs-noreply, commit-queue, mcatanzaro, ysuzuki, zan

Priority:

Version:

Other

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Olivier Blin

Reported 2018-10-01 08:01:41 PDT

Like done for EFL in r210213, see https://bugs.webkit.org/show_bug.cgi?id=166622 This has been detected by a charactersAreAllASCII() assert failure. This is because ASCIILiteral() is wrongly used in mediaControlsStyleSheet(). mediaControlsBaseUserAgentStyleSheet is a char array, not a null-terminated string. It is thus incorrect to use StringImpl::createFromLiteral() that calls strlen() to get the string length. The String::ConstructFromLiteral constructor can not be used, since it skips the last character.

Attachments
Patch (2.03 KB, patch) 2018-10-01 08:03 PDT, Olivier Blin	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Olivier Blin

Comment 1 2018-10-01 08:03:33 PDT

Created attachment 351246 [details] Patch

WebKit Commit Bot

Comment 2 2018-10-01 10:19:54 PDT

Comment on attachment 351246 [details] Patch Clearing flags on attachment: 351246 Committed r236666: <https://trac.webkit.org/changeset/236666>

WebKit Commit Bot

Comment 3 2018-10-01 10:19:56 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.