Title: [233404] trunk/Source/ThirdParty
Revision: 233404
Author: mcatanz...@igalia.com
Date: 2018-06-30 18:15:38 -0700 (Sat, 30 Jun 2018)

Log Message

Fix off-by-one error in xdg_mime_get_simple_globs
https://bugs.webkit.org/show_bug.cgi?id=186554

Reviewed by Daniel Bates.

We have an off-by-one error here in some code that was added for WebKit. (This is not an
issue with upstream xdgmime.)

No new tests. This problem is caught by TestDownloads, but only when running with ASan
enabled.

* xdgmime/src/xdgmimecache.c:
(get_simple_globs):
* xdgmime/src/xdgmimeglob.c:
(get_simple_globs):

Diff

Modified: trunk/Source/ThirdParty/ChangeLog (233403 => 233404)


--- trunk/Source/ThirdParty/ChangeLog	2018-07-01 00:06:38 UTC (rev 233403)
+++ trunk/Source/ThirdParty/ChangeLog	2018-07-01 01:15:38 UTC (rev 233404)
@@ -1,3 +1,21 @@
+2018-06-30  Michael Catanzaro  <mcatanz...@igalia.com>
+
+        Fix off-by-one error in xdg_mime_get_simple_globs
+        https://bugs.webkit.org/show_bug.cgi?id=186554
+
+        Reviewed by Daniel Bates.
+
+        We have an off-by-one error here in some code that was added for WebKit. (This is not an
+        issue with upstream xdgmime.)
+
+        No new tests. This problem is caught by TestDownloads, but only when running with ASan
+        enabled.
+
+        * xdgmime/src/xdgmimecache.c:
+        (get_simple_globs):
+        * xdgmime/src/xdgmimeglob.c:
+        (get_simple_globs):
+
 2018-06-27  Michael Catanzaro  <mcatanz...@igalia.com>
 
         MIME type subclass check should guard against small strings

Modified: trunk/Source/ThirdParty/xdgmime/src/xdgmimecache.c (233403 => 233404)


--- trunk/Source/ThirdParty/xdgmime/src/xdgmimecache.c	2018-07-01 00:06:38 UTC (rev 233403)
+++ trunk/Source/ThirdParty/xdgmime/src/xdgmimecache.c	2018-07-01 01:15:38 UTC (rev 233404)
@@ -1047,6 +1047,9 @@
   xdg_uint32_t child_offset;
   int i;
 
+  assert (*n >= 0);
+  assert (depth >= 0);
+
   if (*n >= n_globs)
     return FALSE;
 
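Review bot: the two asserts added at the top of get_simple_globs are compiled out when the file is built with NDEBUG, so release builds still reach the malloc and the indexing in the next hunk with whatever `*n` and `depth` the caller passed. If negative values can only be a programming error, say so in a comment; if they could ever arrive at run time, fold the check into the existing guard instead, for example `if (*n < 0 || depth < 0 || *n >= n_globs) return FALSE;`.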
@@ -1055,7 +1058,7 @@
       xdg_uint32_t mime_offset = GET_UINT32 (cache->buffer, offset + 4);
 
       if (strcasecmp (cache->buffer + mime_offset, mime) == 0) {
-        globs[*n] = malloc (depth * sizeof (char));
+        globs[*n] = malloc ((depth + 1) * sizeof (char));
         for (i = 0; i < depth; i++)
           globs[*n][depth - i - 1] = prefix[i];
         globs[*n][depth] = '\0';
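Review bot: the result of `malloc ((depth + 1) * sizeof (char))` is written to in the loop and at `globs[*n][depth] = '\0'` without a NULL check; bail out (for example by returning FALSE) when the allocation fails. A one-line comment that the extra byte holds the terminator would keep the sizing from regressing, and `sizeof (char)` is 1 by definition, so it can be dropped.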

Modified: trunk/Source/ThirdParty/xdgmime/src/xdgmimeglob.c (233403 => 233404)


--- trunk/Source/ThirdParty/xdgmime/src/xdgmimeglob.c	2018-07-01 00:06:38 UTC (rev 233403)
+++ trunk/Source/ThirdParty/xdgmime/src/xdgmimeglob.c	2018-07-01 01:15:38 UTC (rev 233404)
@@ -484,6 +484,9 @@
                   xdg_unichar_t   *prefix,
                   int              depth)
 {
+  assert (*n >= 0);
+  assert (depth >= 0);
+
   if (*n >= n_globs)
     return FALSE;
 
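Review bot: none of the hunks for this file show an `#include <assert.h>` being added for the new `assert (*n >= 0)` and `assert (depth >= 0)` calls. Please confirm the header is already included here and in xdgmimecache.c, rather than relying on it arriving through another include.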
@@ -495,7 +498,7 @@
         {
           int i;
 
-          globs[*n] = malloc (depth * sizeof (char));
+          globs[*n] = malloc ((depth + 1) * sizeof (char));
           for (i = 0; i < depth; i++)
             globs[*n][depth - i - 1] = prefix[i];
           globs[*n][depth] = '\0';
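Review bot: `prefix` is declared as `xdg_unichar_t *` in this function's signature, but each element is stored into a `char` buffer at `globs[*n][depth - i - 1] = prefix[i]`, so any value that does not fit in a char is silently truncated. Since this line is being touched anyway, either document that simple globs are assumed to be ASCII or skip entries whose prefix contains larger values.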
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
