Bug 190139

Summary: [WPE] fix buffer over-read in RenderThemeWPE::mediaControlsStyleSheet()
Product: WebKit
Reporter: Olivier Blin <olivier.blin>
Component: WPE WebKit
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, commit-queue, mcatanzaro, ysuzuki, zan
Priority: P2
Version: Other
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: Patch, Flags: none

Description Olivier Blin 2018-10-01 08:01:41 PDT
Like done for EFL in r210213, see https://bugs.webkit.org/show_bug.cgi?id=166622

This has been detected by a charactersAreAllASCII() assert failure.

This is because ASCIILiteral() is wrongly used in mediaControlsStyleSheet().
mediaControlsBaseUserAgentStyleSheet is a char array, not a null-terminated string.
It is thus incorrect to use StringImpl::createFromLiteral() that calls strlen() to get the string length.

The String::ConstructFromLiteral constructor cannot be used, since it skips the last character.
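
The failure mode described above, as an added example that is not part of the original report or of WebKit's code: std::string stands in for WTF::String, and kSheet, hasTerminatorInBounds, fromLiteralModel and fromArrayWithLength are hypothetical names. It shows why a raw char array needs an explicit length, and why a literal-style constructor that takes N - 1 characters loses the last byte.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Constructed stand-in for a generated style-sheet array: raw bytes, no trailing '\0'.
static const char kSheet[] = {'v', 'i', 'd', 'e', 'o', '{', '}'};

// Bounded check: is there a NUL inside the array? strlen() has no such bound and
// would keep reading past the end of kSheet until it happens to hit a zero byte.
bool hasTerminatorInBounds(const char* data, std::size_t size)
{
    return std::memchr(data, '\0', size) != nullptr;
}

// Model of a "construct from literal" constructor (assumption: it mirrors the
// behaviour the report describes). It treats the array as a string literal and
// takes N - 1 characters, dropping what it believes is the terminator.
template<std::size_t N>
std::string fromLiteralModel(const char (&chars)[N])
{
    return std::string(chars, N - 1);
}

// Correct for a raw array: pass the exact byte count, never rely on a terminator.
template<std::size_t N>
std::string fromArrayWithLength(const char (&chars)[N])
{
    return std::string(chars, N);
}

int main()
{
    bool ok = !hasTerminatorInBounds(kSheet, sizeof(kSheet))
        && fromLiteralModel(kSheet) == "video{"
        && fromArrayWithLength(kSheet) == "video{}";
    return ok ? 0 : 1;
}
```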
Comment 1 Olivier Blin 2018-10-01 08:03:33 PDT
Created attachment 351246 [details]
Patch
Comment 2 WebKit Commit Bot 2018-10-01 10:19:54 PDT
Comment on attachment 351246 [details]
Patch

Clearing flags on attachment: 351246

Committed r236666: <https://trac.webkit.org/changeset/236666>
Comment 3 WebKit Commit Bot 2018-10-01 10:19:56 PDT
All reviewed patches have been landed.  Closing bug.