54737 – Memory allocation error in convertV8ObjectToNPVariant() for strings

RESOLVED FIXED Bug 54737

Memory allocation error in convertV8ObjectToNPVariant() for strings

https://bugs.webkit.org/show_bug.cgi?id=54737

Summary Memory allocation error in convertV8ObjectToNPVariant() for strings

Steve Block

Reported 2011-02-18 03:08:48 PST

http://trac.webkit.org/changeset/76264 modified convertV8ObjectToNPVariant() to use malloc() and memcpy() rather than strdup(). This introduced a crashing bug as the null terminator is not included in the length used to allocate memory and copy the string.

Attachments
Patch (1.72 KB, patch) 2011-02-18 04:16 PST, Steve Block	kling: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Steve Block

Comment 1 2011-02-18 04:16:31 PST

Created attachment 82941 [details] Patch

Andreas Kling

Comment 2 2011-02-18 04:23:55 PST

Comment on attachment 82941 [details] Patch LGTM.

Steve Block

Comment 3 2011-02-18 04:27:58 PST

Committed r78994: <http://trac.webkit.org/changeset/78994>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2011-02-18 03:08 PST

Modified

2011-02-18 04:27 PST History

CC List

2 users Show

URL

Keywords

Depends on

Blocks