[webkit-changes] [204502] trunk/Source/WebCore

[pvollan]

Title: [204502] trunk/Source/WebCore

Revision

204502

Author

pvol...@apple.com

Date

2016-08-16 02:43:04 -0700 (Tue, 16 Aug 2016)

Log Message

[Win] Hardening of getLinkedFonts function.
https://bugs.webkit.org/show_bug.cgi?id=160850

The SUCCEEDED macro should only be used for functions returning a HRESULT type.
Also, make sure a string array index will not exceed the string length.

* platform/graphics/win/FontCacheWin.cpp:
(WebCore::getLinkedFonts):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/platform/graphics/win/FontCacheWin.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (204501 => 204502)

--- trunk/Source/WebCore/ChangeLog	2016-08-16 07:55:12 UTC (rev 204501)
+++ trunk/Source/WebCore/ChangeLog	2016-08-16 09:43:04 UTC (rev 204502)
@@ -1,3 +1,14 @@
+2016-08-16  Per Arne Vollan  <pvol...@apple.com>
+
+        [Win] Hardening of getLinkedFonts function.
+        https://bugs.webkit.org/show_bug.cgi?id=160850
+
+        The SUCCEEDED macro should only be used for functions returning a HRESULT type.
+        Also, make sure a string array index will not exceed the string length.
+
+        * platform/graphics/win/FontCacheWin.cpp:
+        (WebCore::getLinkedFonts):
+
 2016-08-16  Alex Christensen  <achristen...@webkit.org>
 
         Simplify SocketStreamError

Modified: trunk/Source/WebCore/platform/graphics/win/FontCacheWin.cpp (204501 => 204502)

--- trunk/Source/WebCore/platform/graphics/win/FontCacheWin.cpp	2016-08-16 07:55:12 UTC (rev 204501)
+++ trunk/Source/WebCore/platform/graphics/win/FontCacheWin.cpp	2016-08-16 09:43:04 UTC (rev 204502)
@@ -116,12 +116,15 @@
     }
 
     WCHAR* linkedFonts = reinterpret_cast<WCHAR*>(malloc(linkedFontsBufferSize));
-    if (SUCCEEDED(RegQueryValueEx(fontLinkKey, family.charactersWithNullTermination().data(), 0, NULL, reinterpret_cast<BYTE*>(linkedFonts), &linkedFontsBufferSize))) {
+    if (::RegQueryValueEx(fontLinkKey, family.charactersWithNullTermination().data(), 0, nullptr, reinterpret_cast<BYTE*>(linkedFonts), &linkedFontsBufferSize) == ERROR_SUCCESS) {
         unsigned i = 0;
         unsigned length = linkedFontsBufferSize / sizeof(*linkedFonts);
         while (i < length) {
             while (i < length && linkedFonts[i] != ',')
                 i++;
+            // Break if we did not find a comma.
+            if (i == length)
+                break;
             i++;
             unsigned j = i;
             while (j < length && linkedFonts[j])

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes