Title: [234418] releases/WebKitGTK/webkit-2.20/Source/ThirdParty
- Revision
- 234418
- Author
- [email protected]
- Date
- 2018-07-31 02:25:16 -0700 (Tue, 31 Jul 2018)
Log Message
Merge r233404 - Fix off-by-one error in xdg_mime_get_simple_globs
https://bugs.webkit.org/show_bug.cgi?id=186554
Reviewed by Daniel Bates.
We have an off-by-one error here in some code that was added for WebKit. (This is not an
issue with upstream xdgmime.)
No new tests. This problem is caught by TestDownloads, but only when running with ASan
enabled.
* xdgmime/src/xdgmimecache.c:
(get_simple_globs):
* xdgmime/src/xdgmimeglob.c:
(get_simple_globs):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.20/Source/ThirdParty/ChangeLog (234417 => 234418)
--- releases/WebKitGTK/webkit-2.20/Source/ThirdParty/ChangeLog 2018-07-31 09:25:12 UTC (rev 234417)
+++ releases/WebKitGTK/webkit-2.20/Source/ThirdParty/ChangeLog 2018-07-31 09:25:16 UTC (rev 234418)
@@ -1,3 +1,21 @@
+2018-06-30 Michael Catanzaro <[email protected]>
+
+ Fix off-by-one error in xdg_mime_get_simple_globs
+ https://bugs.webkit.org/show_bug.cgi?id=186554
+
+ Reviewed by Daniel Bates.
+
+ We have an off-by-one error here in some code that was added for WebKit. (This is not an
+ issue with upstream xdgmime.)
+
+ No new tests. This problem is caught by TestDownloads, but only when running with ASan
+ enabled.
+
+ * xdgmime/src/xdgmimecache.c:
+ (get_simple_globs):
+ * xdgmime/src/xdgmimeglob.c:
+ (get_simple_globs):
+
2018-05-10 Michael Catanzaro <[email protected]>
Fix some -Wstring-op-truncation warnings
Modified: releases/WebKitGTK/webkit-2.20/Source/ThirdParty/xdgmime/src/xdgmimecache.c (234417 => 234418)
--- releases/WebKitGTK/webkit-2.20/Source/ThirdParty/xdgmime/src/xdgmimecache.c 2018-07-31 09:25:12 UTC (rev 234417)
+++ releases/WebKitGTK/webkit-2.20/Source/ThirdParty/xdgmime/src/xdgmimecache.c 2018-07-31 09:25:16 UTC (rev 234418)
@@ -1038,6 +1038,9 @@
xdg_uint32_t child_offset;
int i;
+ assert (*n >= 0);
+ assert (depth >= 0);
+
if (*n >= n_globs)
return FALSE;
@@ -1046,7 +1049,7 @@
xdg_uint32_t mime_offset = GET_UINT32 (cache->buffer, offset + 4);
if (strcasecmp (cache->buffer + mime_offset, mime) == 0) {
- globs[*n] = malloc (depth * sizeof (char));
+ globs[*n] = malloc ((depth + 1) * sizeof (char));
for (i = 0; i < depth; i++)
globs[*n][depth - i - 1] = prefix[i];
globs[*n][depth] = '\0';
Modified: releases/WebKitGTK/webkit-2.20/Source/ThirdParty/xdgmime/src/xdgmimeglob.c (234417 => 234418)
--- releases/WebKitGTK/webkit-2.20/Source/ThirdParty/xdgmime/src/xdgmimeglob.c 2018-07-31 09:25:12 UTC (rev 234417)
+++ releases/WebKitGTK/webkit-2.20/Source/ThirdParty/xdgmime/src/xdgmimeglob.c 2018-07-31 09:25:16 UTC (rev 234418)
@@ -484,6 +484,9 @@
xdg_unichar_t *prefix,
int depth)
{
+ assert (*n >= 0);
+ assert (depth >= 0);
+
if (*n >= n_globs)
return FALSE;
@@ -495,7 +498,7 @@
{
int i;
- globs[*n] = malloc (depth * sizeof (char));
+ globs[*n] = malloc ((depth + 1) * sizeof (char));
for (i = 0; i < depth; i++)
globs[*n][depth - i - 1] = prefix[i];
globs[*n][depth] = '\0';
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
