Bug 32861 - when condition COMPILER(RVCT) is fulfilled, we are trying to free a pointer to array allocated on the stack
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: PC Other
Importance: P1 Normal
Assignee: Nobody
Reported: 2009-12-22 01:39 PST by Fridrich Strba
Modified: 2009-12-22 10:44 PST

Attachments
Ooops. Don't free the pointer for COMPILER(RVCT). (1.09 KB, patch)
2009-12-22 02:23 PST, Kwang Yul Seo

Description Fridrich Strba 2009-12-22 01:39:39 PST
The following commit added a COMPILER(RVCT) condition to the function and uses vsnprintf on a char[1024] and forgets to add the same condition for not freeing the variable. This might lead to a crash at runtime.

2009-12-21  Kwang Yul Seo  <skyul@company100.net>

        Reviewed by Eric Seidel.

        Use vsnprintf instead of vasprintf for RVCT.
        https://bugs.webkit.org/show_bug.cgi?id=32851

        RVCT does not support vasprintf, so use vsnprintf instead.

        * dom/XMLTokenizerLibxml2.cpp:
        (WebCore::XMLTokenizer::error):
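
The bug class described in this report, shown as an added C example that is not WebKit's code and not part of the original bug: the buffer's storage depends on a compile-time condition, so the `free()` has to depend on the same condition. `NO_VASPRINTF` is a hypothetical stand-in for `COMPILER(RVCT)`, and `report_buggy` / `report_fixed` are illustrative names.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* glibc only declares vasprintf() with this */
#endif
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumption: NO_VASPRINTF is a hypothetical stand-in for COMPILER(RVCT). */
#ifndef NO_VASPRINTF
#define NO_VASPRINTF 1
#endif
#if 0   /* Sketch of the reported pattern, kept out of the build on purpose. */
void report_buggy(const char *fmt, va_list args)
{
#if NO_VASPRINTF
    char m[1024];
    vsnprintf(m, sizeof m, fmt, args);
#else
    char *m;
    vasprintf(&m, fmt, args);
#endif
    fputs(m, stderr);
    free(m);            /* invalid when m is the stack array above */
}
#endif

/* Hardened form: the release is guarded by the same condition as the
 * allocation. Copies the message to out; returns its length there or -1. */
int report_fixed(char *out, size_t cap, const char *fmt, ...)
{
    va_list args;
    int n;
    if (cap == 0) return -1;
    va_start(args, fmt);
#if NO_VASPRINTF
    char m[1024];
    n = vsnprintf(m, sizeof m, fmt, args);   /* truncates, NUL-terminates */
#else
    char *m = NULL;
    n = vasprintf(&m, fmt, args);            /* heap buffer owned by us */
#endif
    va_end(args);
    if (n < 0) return -1;
    n = snprintf(out, cap, "%s", m);
#if !NO_VASPRINTF
    free(m);                                 /* only the heap branch frees */
#endif
    return n < (int)cap ? n : (int)cap - 1;
}
```

Building the `#if 0` sketch with GCC's `-Wfree-nonheap-object` or running it under AddressSanitizer flags the invalid free on the stack array.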
Comment 1 Kwang Yul Seo 2009-12-22 02:23:03 PST
Created attachment 45377
Ooops. Don't free the pointer for COMPILER(RVCT).
Comment 2 WebKit Review Bot 2009-12-22 02:24:09 PST
style-queue ran check-webkit-style on attachment 45377 without any errors.
Comment 3 WebKit Commit Bot 2009-12-22 10:44:03 PST
Comment on attachment 45377
Ooops. Don't free the pointer for COMPILER(RVCT).

Clearing flags on attachment: 45377

Committed r52491: <http://trac.webkit.org/changeset/52491>
Comment 4 WebKit Commit Bot 2009-12-22 10:44:07 PST
All reviewed patches have been landed.  Closing bug.