WebKit Bugzilla
Bug 24080: NPN_GetValue casting to the wrong type and writing outside bounds
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=24080
Reported by Larry Ewing, 2009-02-22 11:40:32 PST
PluginView is casting NPBool types to uint32 and, as a result, writing outside the memory it owns, potentially trashing the stack.
Attachments
fix for the problem (708 bytes, patch), 2009-02-22 11:41 PST, Larry Ewing, no flags
Patch with ChangeLog (1.28 KB, patch), 2009-02-23 07:58 PST, Larry Ewing, no flags
Patch for all platforms (3.34 KB, patch), 2009-02-27 12:21 PST, Larry Ewing, ap: review+
Larry Ewing, Comment 1, 2009-02-22 11:41:38 PST
Created attachment 27868: fix for the problem
Larry Ewing, Comment 2, 2009-02-23 07:58:18 PST
Created attachment 27881: Patch with ChangeLog
Alexey Proskuryakov, Comment 3, 2009-02-23 13:40:53 PST
Comment on attachment 27881: Patch with ChangeLog
Looks like this was meant for review, marking as such.
Alexey Proskuryakov, Comment 4, 2009-02-27 11:11:29 PST
Per IRC discussion, this is a problem on other platforms, too.
Alexey Proskuryakov, Comment 5, 2009-02-27 11:35:23 PST
<http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/plugin_host.cc> seems to have the same issue, even though this code doesn't look like it was derived from WebKit.
Anders Carlsson, Comment 6, 2009-02-27 12:10:59 PST
Comment on attachment 27881: Patch with ChangeLog
r=me
Alexey Proskuryakov, Comment 7, 2009-02-27 12:13:15 PST
Comment on attachment 27881: Patch with ChangeLog
Clearing review flag, because Larry is working on a patch which will fix this for all platforms.
Larry Ewing, Comment 8, 2009-02-27 12:21:27 PST
Created attachment 28099: Patch for all platforms
Fix the NPBool values for all platforms and use c++ style casts
Alexey Proskuryakov, Comment 9, 2009-03-01 05:47:55 PST
Comment on attachment 28099: Patch for all platforms
r=me
There are tabs in ChangeLog, they will need to be replaced with spaces when landing.
David Levin, Comment 10, 2009-03-01 16:43:08 PST
Committed as r41346.
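The defect in the report above, shown as an added C illustration; this is not code from WebKit or from the attached patches. The handler names and the four-byte buffer are constructed for the demo, and NPBool is typedef'd as one byte, as in npapi.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned char NPBool;            /* one byte, as in npapi.h */

/* Hypothetical host-side handler with the reported defect: the boolean
   result is stored as a 32-bit integer, so sizeof(uint32_t) bytes are
   written through a pointer to a 1-byte NPBool. memcpy stands in for the
   cast-and-store the report describes, so the demo stays well defined. */
static void host_get_bool_buggy(void *value, int setting) {
    uint32_t wide = (uint32_t)(setting != 0);
    memcpy(value, &wide, sizeof wide);
}

/* Corrected form: store exactly one NPBool. */
static void host_get_bool_fixed(void *value, int setting) {
    *(NPBool *)value = (NPBool)(setting != 0);
}

/* Constructed stand-in for the caller's stack: frame[0] is the NPBool the
   plugin passes in, frame[1..3] are adjacent bytes it never handed over.
   Returns how many of those adjacent bytes the handler changed. */
static int clobbered_bytes(void (*handler)(void *, int)) {
    unsigned char frame[4];
    int changed = 0;
    memset(frame, 0xAA, sizeof frame);   /* canary pattern */
    handler(&frame[0], 1);
    for (size_t i = 1; i < sizeof frame; i++)
        if (frame[i] != 0xAA)
            changed++;
    return changed;
}

int main(void) {
    printf("buggy handler clobbered %d adjacent bytes\n",
           clobbered_bytes(host_get_bool_buggy));
    printf("fixed handler clobbered %d adjacent bytes\n",
           clobbered_bytes(host_get_bool_fixed));
    return 0;
}
```

On a big-endian host the wide store also leaves 0 in the NPBool itself, so the caller reads the wrong answer in addition to losing the neighbouring bytes.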