RESOLVED FIXED 166622
[EFL] fix buffer over-read in RenderThemeEfl::mediaControlsStyleSheet()
https://bugs.webkit.org/show_bug.cgi?id=166622
Olivier Blin
Reported 2016-12-30 07:31:51 PST
This has been detected by a charactersAreAllASCII() assert failure. Initially in WebKitForWayland (WPE), but the code was likely borrowed from EFL. This is because ASCIILiteral() is wrongly used in mediaControlsStyleSheet(). mediaControlsBaseUserAgentStyleSheet is a char array, not a null-terminated string. It is thus incorrect to use StringImpl::createFromLiteral(), which calls strlen() to get the string length. The String::ConstructFromLiteral constructor cannot be used either, since it skips the last character. The size should be explicitly passed to the String constructor.
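The three failure modes the report describes (strlen() over-reading a non-terminated char array, a "from literal" constructor silently dropping the last byte, and the explicit-size constructor that is the fix), shown as an added stand-alone C++ example that is not WebKit code: kSheet is a constructed stand-in for mediaControlsBaseUserAgentStyleSheet, and fromLiteral() mimics only the sizeof-1 behaviour attributed to ConstructFromLiteral, not WTF::String itself.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Constructed sample: a generated char array holding stylesheet bytes with
// NO trailing NUL, as tools that embed a file as a byte array produce.
// Stands in for mediaControlsBaseUserAgentStyleSheet; the content is made up.
static const char kSheet[] = { 'a', 'u', 'd', 'i', 'o', ' ', '{', '}' };
static const size_t kSheetSize = sizeof(kSheet); // 8 bytes, no terminator

// Returns true if a NUL lies within the first `cap` bytes, i.e. strlen()
// would stop inside the buffer. False means strlen() would read past the
// end of the array, which is the over-read the bug report describes.
bool hasTerminatorWithin(const char* data, size_t cap) {
    return std::memchr(data, '\0', cap) != nullptr;
}

// Mimics a "from literal" constructor: it assumes a C string literal and
// uses sizeof(array) - 1 to drop the literal's trailing NUL. Applied to a
// non-terminated array it silently drops the last real byte instead.
template <size_t N>
std::string fromLiteral(const char (&lit)[N]) {
    return std::string(lit, N - 1);
}

// The fix described in the bug: pass the size explicitly, no strlen(),
// no assumption about a trailing NUL.
std::string fromSizedBuffer(const char* data, size_t size) {
    return std::string(data, size);
}

// Wrappers over the sample so callers never touch the raw array directly.
bool sampleIsTerminated() { return hasTerminatorWithin(kSheet, kSheetSize); }
std::string sampleViaLiteralCtor() { return fromLiteral(kSheet); }
std::string sampleViaExplicitSize() { return fromSizedBuffer(kSheet, kSheetSize); }
```

The terminator check is the kind of assertion worth placing next to any createFromLiteral-style call that takes generated data; AddressSanitizer would report the strlen() over-read itself at runtime.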
Attachments
Patch (2.01 KB, patch)
2016-12-30 07:36 PST, Olivier Blin
no flags
Olivier Blin
Comment 1 2016-12-30 07:36:57 PST
Gyuyoung Kim
Comment 2 2016-12-30 07:41:53 PST
Comment on attachment 297858 [details]
Patch

LGTM based on GTK port implementation.
WebKit Commit Bot
Comment 3 2016-12-30 08:17:23 PST
Comment on attachment 297858 [details]
Patch

Clearing flags on attachment: 297858

Committed r210213: <http://trac.webkit.org/changeset/210213>
WebKit Commit Bot
Comment 4 2016-12-30 08:17:29 PST
All reviewed patches have been landed. Closing bug.