Title: [233404] trunk/Source/ThirdParty
- Revision
- 233404
- Author
- mcatanz...@igalia.com
- Date
- 2018-06-30 18:15:38 -0700 (Sat, 30 Jun 2018)
Log Message
Fix off-by-one error in xdg_mime_get_simple_globs
https://bugs.webkit.org/show_bug.cgi?id=186554
Reviewed by Daniel Bates.
We have an off-by-one error here in some code that was added for WebKit. (This is not an
issue with upstream xdgmime.)
No new tests. This problem is caught by TestDownloads, but only when running with ASan
enabled.
* xdgmime/src/xdgmimecache.c:
(get_simple_globs):
* xdgmime/src/xdgmimeglob.c:
(get_simple_globs):
Modified Paths
Diff
Modified: trunk/Source/ThirdParty/ChangeLog (233403 => 233404)
--- trunk/Source/ThirdParty/ChangeLog 2018-07-01 00:06:38 UTC (rev 233403)
+++ trunk/Source/ThirdParty/ChangeLog 2018-07-01 01:15:38 UTC (rev 233404)
@@ -1,3 +1,21 @@
+2018-06-30 Michael Catanzaro <mcatanz...@igalia.com>
+
+ Fix off-by-one error in xdg_mime_get_simple_globs
+ https://bugs.webkit.org/show_bug.cgi?id=186554
+
+ Reviewed by Daniel Bates.
+
+ We have an off-by-one error here in some code that was added for WebKit. (This is not an
+ issue with upstream xdgmime.)
+
+ No new tests. This problem is caught by TestDownloads, but only when running with ASan
+ enabled.
+
+ * xdgmime/src/xdgmimecache.c:
+ (get_simple_globs):
+ * xdgmime/src/xdgmimeglob.c:
+ (get_simple_globs):
+
2018-06-27 Michael Catanzaro <mcatanz...@igalia.com>
MIME type subclass check should guard against small strings
Modified: trunk/Source/ThirdParty/xdgmime/src/xdgmimecache.c (233403 => 233404)
--- trunk/Source/ThirdParty/xdgmime/src/xdgmimecache.c 2018-07-01 00:06:38 UTC (rev 233403)
+++ trunk/Source/ThirdParty/xdgmime/src/xdgmimecache.c 2018-07-01 01:15:38 UTC (rev 233404)
@@ -1047,6 +1047,9 @@
xdg_uint32_t child_offset;
int i;
+ assert (*n >= 0);
+ assert (depth >= 0);
+
if (*n >= n_globs)
return FALSE;
@@ -1055,7 +1058,7 @@
xdg_uint32_t mime_offset = GET_UINT32 (cache->buffer, offset + 4);
if (strcasecmp (cache->buffer + mime_offset, mime) == 0) {
- globs[*n] = malloc (depth * sizeof (char));
+ globs[*n] = malloc ((depth + 1) * sizeof (char));
for (i = 0; i < depth; i++)
globs[*n][depth - i - 1] = prefix[i];
globs[*n][depth] = '\0';
Modified: trunk/Source/ThirdParty/xdgmime/src/xdgmimeglob.c (233403 => 233404)
--- trunk/Source/ThirdParty/xdgmime/src/xdgmimeglob.c 2018-07-01 00:06:38 UTC (rev 233403)
+++ trunk/Source/ThirdParty/xdgmime/src/xdgmimeglob.c 2018-07-01 01:15:38 UTC (rev 233404)
@@ -484,6 +484,9 @@
xdg_unichar_t *prefix,
int depth)
{
+ assert (*n >= 0);
+ assert (depth >= 0);
+
if (*n >= n_globs)
return FALSE;
@@ -495,7 +498,7 @@
{
int i;
- globs[*n] = malloc (depth * sizeof (char));
+ globs[*n] = malloc ((depth + 1) * sizeof (char));
for (i = 0; i < depth; i++)
globs[*n][depth - i - 1] = prefix[i];
globs[*n][depth] = '\0';
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes