Found via chromium linux layout valgrind bot on LayoutTests/platform/mac/fast/loader/user-stylesheet-fast-path.html. Valgrind complains:

  Invalid read of size 1
     at strlen (mc_replace_strmem.c:275)
     by WebCore::String::fromUTF8(char const*) (String.cpp:682)
     by WebCore::Page::userStyleSheetLocationChanged() (Page.cpp:545)
   Address 0xd60f4af is 0 bytes after a block of size 31 alloc'd
     at malloc (vg_replace_malloc.c:195)
     ...
     by WebCore::base64Decode(WTF::Vector<char, 0ul> const&, WTF::Vector<char, 0ul>&) (Base64.cpp:134)
     by WebCore::Page::userStyleSheetLocationChanged() (Page.cpp:544)

Looks like someone forgot to specify a length. I'll attach a fix.
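The defect in the report, reduced to a stand-alone illustration (added here; this is not WebKit's code, and base64Decode, stringFromUTF8 and decodeUserStyleSheet are simplified stand-ins for WebCore::base64Decode, String::fromUTF8 and the decoding step in Page::userStyleSheetLocationChanged). The decoder writes exactly the decoded bytes and no terminator, so handing its buffer to a const char* overload makes strlen() read past the allocation, which is the "0 bytes after a block" Valgrind reported. The fixed path passes the buffer length instead.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Base64 alphabet value of c, or -1 for a character outside the alphabet.
static int base64Value(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

// Minimal base64 decoder (illustrative). Like the decoder in the stack trace it
// emits exactly the decoded bytes and appends no NUL terminator.
std::vector<char> base64Decode(const std::string& in) {
    std::vector<char> out;
    uint32_t acc = 0;   // bit accumulator
    int bits = 0;       // number of not-yet-emitted bits held in acc
    for (char c : in) {
        if (c == '=') break;                 // padding: no more data follows
        int v = base64Value(c);
        if (v < 0) continue;                 // tolerate whitespace / line breaks
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<char>((acc >> bits) & 0xFF));
            acc &= (1u << bits) - 1;         // keep only the bits not yet emitted
        }
    }
    return out;
}

// Length-delimited conversion: touches exactly `length` bytes, never more.
std::string stringFromUTF8(const char* bytes, size_t length) {
    if (!bytes || length == 0) return std::string();
    return std::string(bytes, length);
}

// NUL-delimited overload. Correct only when the caller guarantees a terminator:
// strlen() walks forward until it finds one, wherever in memory that happens to be.
std::string stringFromUTF8(const char* cString) {
    return stringFromUTF8(cString, std::strlen(cString));
}

// The pattern the report describes: the decoded buffer has no terminator, so the
// strlen() inside the const char* overload reads past its end. Kept beside the
// fixed version for comparison only; do not call it.
std::string decodeUserStyleSheetUnsafe(const std::string& base64Payload) {
    std::vector<char> decoded = base64Decode(base64Payload);
    return stringFromUTF8(decoded.data());   // BUG: length argument omitted
}

// The fix: pass the buffer size so no byte beyond the decoded data is read.
std::string decodeUserStyleSheet(const std::string& base64Payload) {
    std::vector<char> decoded = base64Decode(base64Payload);
    return stringFromUTF8(decoded.data(), decoded.size());
}

// Whether a raw buffer may be handed to a const char* API at all: without a NUL
// somewhere inside it, strlen() is guaranteed to overrun.
bool isNulTerminated(const std::vector<char>& buffer) {
    return !buffer.empty() && std::memchr(buffer.data(), '\0', buffer.size()) != nullptr;
}

int main() {
    // Constructed sample payload: base64 of "body { color: red }" (19 bytes, no NUL).
    const std::string payload = "Ym9keSB7IGNvbG9yOiByZWQgfQ==";
    std::vector<char> raw = base64Decode(payload);
    std::cout << "decoded " << raw.size() << " bytes, NUL-terminated: "
              << (isNulTerminated(raw) ? "yes" : "no") << "\n";
    std::cout << decodeUserStyleSheet(payload) << "\n";
    return 0;
}
```

The general rule this illustrates: any buffer produced by a decoder, a network read or a file read is length-delimited, and the only overload that may receive it is the one that takes that length. A quick audit for the follow-up question in this thread is to grep for calls of the single-argument fromUTF8 overload and check, for each one, where the terminator is supposed to come from.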
Created attachment 42510 [details]
Supply missing length argument to avoid buffer overrun

Here it is!
Comment on attachment 42510 [details]
Supply missing length argument to avoid buffer overrun

> + * page/Page.cpp:
> + (WebCore::Page::userStyleSheetLocationChanged):

Ideally, there should be per-function comments explaining changes. r=me as is.
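Review bot: the ChangeLog line for (WebCore::Page::userStyleSheetLocationChanged) carries no description; record there that the buffer filled by base64Decode is not NUL-terminated and that its size is now passed to String::fromUTF8, so the entry explains why strlen() was overrunning the block rather than just naming the function.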
Comment on attachment 42510 [details]
Supply missing length argument to avoid buffer overrun

I wonder if there are other places we call fromUTF8 and need fixes? Since Dan's not a committer, adding this to the cq.
Comment on attachment 42510 [details]
Supply missing length argument to avoid buffer overrun

Clearing flags on attachment: 42510

Committed r50545: <http://trac.webkit.org/changeset/50545>
All reviewed patches have been landed. Closing bug.