Bug 89353 - Crash in CSPSource::parseSource. (RESOLVED FIXED)
https://bugs.webkit.org/show_bug.cgi?id=89353
Summary: Crash in CSPSource::parseSource.
Mike West
Reported 2012-06-18 09:51:13 PDT
CSPSource::parseSource should check that it hasn't run past the end of a string before dereferencing pointers. Patch coming in a moment.
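The failure mode the report describes is a pointer-range parser that dereferences `position` (or `position[1]`, `position[2]`) without first confirming it is still below `end`, so a source expression that ends early reads past the string. The following is an added example, not WebKit's CSPSource code or the patch attached to this bug: a simplified parser for a CSP source expression of the form `[scheme "://"] host [":" port]` in the same begin/end pointer style, where every dereference is guarded by an explicit `position < end` (or `end - position >= n`) check. The struct and function names, the character classes, and the sample inputs in `main` are all assumptions made for this example.

```cpp
#include <cstdio>
#include <string>

// Added example (hypothetical names): result of parsing one source expression.
struct ParsedSource {
    std::string scheme;   // empty when no scheme was given
    std::string host;
    int port = -1;        // -1 means "no port given"
};

static bool isSchemeChar(char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
        || c == '+' || c == '-' || c == '.';
}

static bool isHostChar(char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
        || c == '-' || c == '.' || c == '*';
}

// Parses [begin, end). Returns false on malformed input. Every pointer read is
// preceded by a bounds check, so inputs such as "https:", "example.com:" or ""
// are rejected without reading at or beyond 'end'.
bool parseSource(const char* begin, const char* end, ParsedSource& out) {
    const char* position = begin;
    if (position == end)
        return false;                       // empty expression

    // Optional scheme: scheme characters followed by "://".
    const char* schemeStart = position;
    while (position < end && isSchemeChar(*position))
        ++position;
    // An unguarded parser would test position[0..2] here regardless of 'end';
    // checking the remaining length first is the bounds check this bug is about.
    if (end - position >= 3 && position[0] == ':' && position[1] == '/' && position[2] == '/') {
        out.scheme.assign(schemeStart, position);
        position += 3;
    } else {
        position = schemeStart;             // no scheme: re-scan the same text as a host
    }

    // Host: required, at least one character.
    const char* hostStart = position;
    while (position < end && isHostChar(*position))
        ++position;
    if (position == hostStart)
        return false;                       // e.g. "https://" with nothing after it
    out.host.assign(hostStart, position);

    if (position == end)
        return true;                        // host only, no port

    // Optional port: ':' followed by one or more digits, then end of input.
    if (*position != ':')                   // safe: position < end was just established
        return false;
    ++position;
    if (position == end)
        return false;                       // "host:" with nothing after the colon
    int port = 0;
    const char* portStart = position;
    while (position < end && *position >= '0' && *position <= '9') {
        port = port * 10 + (*position - '0');
        if (port > 65535)
            return false;
        ++position;
    }
    if (position == portStart || position != end)
        return false;                       // no digits, or trailing junk after the port
    out.port = port;
    return true;
}

// Convenience wrapper over a std::string.
bool parseSourceString(const std::string& source, ParsedSource& out) {
    return parseSource(source.data(), source.data() + source.size(), out);
}

int main() {
    // Constructed sample inputs, including the truncated forms that would make an
    // unguarded parser read past the end of the string.
    const char* samples[] = { "https://example.com:443", "example.com", "*", "https:", "example.com:", "https://", "" };
    for (const char* s : samples) {
        ParsedSource parsed;
        bool ok = parseSourceString(s, parsed);
        std::printf("%-26s -> %s scheme=%s host=%s port=%d\n", s, ok ? "ok     " : "reject ",
                    parsed.scheme.c_str(), parsed.host.c_str(), parsed.port);
    }
    return 0;
}
```

The point to take from it is structural rather than the exact grammar: the parser never advances `position` or indexes past it without a comparison against `end` on the same line, so adding a new production cannot silently reintroduce the over-read.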
Attachments
- Patch (2.36 KB, patch) - 2012-06-18 09:54 PDT, Mike West - no flags
- Adding a test. (4.70 KB, patch) - 2012-06-18 10:28 PDT, Mike West - no flags
Mike West
Comment 1 2012-06-18 09:54:42 PDT
Adam Barth
Comment 2 2012-06-18 10:07:58 PDT
Comment on attachment 148110 [details] Patch
This is from your patch yesterday, right? Also, where are the tests?
Mike West
Comment 3 2012-06-18 10:28:44 PDT
Created attachment 148124 [details] Adding a test.
Mike West
Comment 4 2012-06-18 10:30:02 PDT
(In reply to comment #2)
> (From update of attachment 148110 [details])
> This is from your patch yesterday, right?
Yesterday or the day before, yes.
> Also, where are the tests?
Good call. Added.
Mike West
Comment 5 2012-06-18 10:30:38 PDT
(In reply to comment #2)
> (From update of attachment 148110 [details])
> This is from your patch yesterday, right?
Regressed here: https://trac.webkit.org/changeset/120540/
Adam Barth
Comment 6 2012-06-18 11:42:17 PDT
If this is just a day old, then we don't need to flag this as security.
WebKit Review Bot
Comment 7 2012-06-18 12:51:28 PDT
Comment on attachment 148124 [details] Adding a test.
Clearing flags on attachment: 148124
Committed r120617: <http://trac.webkit.org/changeset/120617>
WebKit Review Bot
Comment 8 2012-06-18 12:51:34 PDT
All reviewed patches have been landed. Closing bug.
Adam Barth
Comment 10 2012-06-18 13:51:18 PDT
Mike: any idea why we're getting different results on Mac?
Adam Barth
Comment 11 2012-06-18 13:53:59 PDT
Looks like it produces that same result in Chromium too. I wonder why the commit-queue landed it.
Adam Barth
Comment 12 2012-06-18 13:54:56 PDT
/me will fix.
Mike West
Comment 13 2012-06-18 13:59:33 PDT
Apologies, I apparently didn't commit the new test results when I generated the second patch. :( Thanks for taking care of it, Adam.
Adam Barth
Comment 14 2012-06-18 14:12:51 PDT
Should be fixed in <http://trac.webkit.org/changeset/120625>. There's likely a bug in the commit-queue here too since this failure should have prevented the patch from landing.