Bug 22623

Summary: Uninitialized memory access in cache parsing code
Product: WebKit Reporter: Dean McNamee <deanm>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ddkilzer, koivisto
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
Patch to initialize the variables in the contructors.
ddkilzer: review+
Added bug reference none

Dean McNamee
Reported 2008-12-03 05:13:02 PST
http://trac.webkit.org/changeset/38145 https://bugs.webkit.org/show_bug.cgi?id=21596 This patch added two additional fields: 129 mutable bool m_haveParsedCacheControlHeader:1; 130 mutable bool m_haveParsedPragmaHeader:1; These are not initialized anywhere. They should likely both be set to false in the constructor above. This is causing undefined behavior, it can lead to the code thinking we have already parsed the cache control header (and returning the already parsed value), when we actually have no parsed anything.
Attachments
Patch to initialize the variables in the contructors. (1.23 KB, patch)
2008-12-03 05:17 PST, Dean McNamee 		ddkilzer: review+
DetailsFormatted DiffDiff
Added bug reference (1.28 KB, patch)
2008-12-03 06:38 PST, Dean McNamee 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dean McNamee
Comment 1 2008-12-03 05:17:59 PST
Created attachment 25707 [details] Patch to initialize the variables in the contructors.
David Kilzer (:ddkilzer)
Comment 2 2008-12-03 06:32:50 PST
Comment on attachment 25707 [details] Patch to initialize the variables in the contructors. >+2008-12-03 Dean McNamee <deanm@chromium.org> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Initialize m_haveParsedCacheControlHeader and m_haveParsedPragmaHeader. >+ >+ * platform/network/ResourceResponseBase.h: >+ (WebCore::ResourceResponseBase::ResourceResponseBase): Please include a reference to this bug in the ChangeLog entry before landing the patch. Otherwise, looks good. Thanks for finding this! r=me
Dean McNamee
Comment 3 2008-12-03 06:38:12 PST
Created attachment 25709 [details] Added bug reference
Dean McNamee
Comment 4 2008-12-03 06:41:34 PST
Added a reference to the bug. I don't have commit access, so if you could commit it for me that'd be great. Thanks!
David Kilzer (:ddkilzer)
Comment 5 2008-12-03 07:02:03 PST
$ git svn dcommit Committing to http://svn.webkit.org/repository/webkit/trunk ... M WebCore/ChangeLog M WebCore/platform/network/ResourceResponseBase.h Committed r38940
David Kilzer (:ddkilzer)
Comment 6 2008-12-03 07:05:32 PST
http://trac.webkit.org/changeset/38940
Note You need to log in before you can comment on or make changes to this bug.