RESOLVED FIXED 32861
when condition COMPILER(RVCT) is fulfilled, we are trying to free a pointer to array allocated on the stack 
https://bugs.webkit.org/show_bug.cgi?id=32861
Summary when condition COMPILER(RVCT) is fulfilled, we are trying to free a pointer t...
Fridrich Strba
Reported 2009-12-22 01:39:39 PST
The following commit added COMPILER(RVCT) condition to the function and uses vsnprintf on a char[1024] and forgets to add the same condition for not freeing the variable. This might lead to a crash at runtime. 2009-12-21 Kwang Yul Seo <skyul@company100.net> Reviewed by Eric Seidel. Use vsnprintf instead of vasprintf for RVCT. https://bugs.webkit.org/show_bug.cgi?id=32851 RVCT does not support vasprint, so use vsnprintf instead. * dom/XMLTokenizerLibxml2.cpp: (WebCore::XMLTokenizer::error):
Attachments
Ooops. Don't free the pointer for COMPILER(RVCT). (1.09 KB, patch)
2009-12-22 02:23 PST, Kwang Yul Seo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Kwang Yul Seo
Comment 1 2009-12-22 02:23:03 PST
Created attachment 45377 [details] Ooops. Don't free the pointer for COMPILER(RVCT).
WebKit Review Bot
Comment 2 2009-12-22 02:24:09 PST
style-queue ran check-webkit-style on attachment 45377 [details] without any errors.
WebKit Commit Bot
Comment 3 2009-12-22 10:44:03 PST
Comment on attachment 45377 [details] Ooops. Don't free the pointer for COMPILER(RVCT). Clearing flags on attachment: 45377 Committed r52491: <http://trac.webkit.org/changeset/52491>
WebKit Commit Bot
Comment 4 2009-12-22 10:44:07 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.