Title: [104249] branches/safari-534.54-branch/Source/WebCore
Diff
Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (104248 => 104249)
--- branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-06 01:01:33 UTC (rev 104248)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-06 01:02:07 UTC (rev 104249)
@@ -1,5 +1,18 @@
2011-1-5 Lucas Forschler <[email protected]>
+ Merge 99999
+
+ 2011-11-11 David Kilzer <[email protected]>
+
+ <http://webkit.org/b/71921> Remove use of strcpy in KURL
+
+ Reviewed by Antti Koivisto.
+
+ * platform/KURL.cpp:
+ (WebCore::KURL::init): Replace strcpy() with strncpy().
+
+2011-1-5 Lucas Forschler <[email protected]>
+
Merge 99756
2011-11-09 Ken Buchanan <[email protected]>
Modified: branches/safari-534.54-branch/Source/WebCore/platform/KURL.cpp (104248 => 104249)
--- branches/safari-534.54-branch/Source/WebCore/platform/KURL.cpp 2012-01-06 01:01:33 UTC (rev 104248)
+++ branches/safari-534.54-branch/Source/WebCore/platform/KURL.cpp 2012-01-06 01:02:07 UTC (rev 104249)
@@ -473,9 +473,11 @@
// must be relative-path reference
// Base part plus relative part plus one possible slash added in between plus terminating \0 byte.
- parseBuffer.resize(base.m_pathEnd + 1 + len + 1);
+ const size_t bufferSize = base.m_pathEnd + 1 + len + 1;
+ parseBuffer.resize(bufferSize);
char* bufferPos = parseBuffer.data();
+ const char* bufferStart = bufferPos;
// first copy everything before the path from the base
unsigned baseLength = base.m_string.length();
@@ -538,7 +540,7 @@
// all done with the path work, now copy any remainder
// of the relative reference; this will also add a null terminator
- strcpy(bufferPos, relStringPos);
+ strncpy(bufferPos, relStringPos, bufferSize - (bufferPos - bufferStart));
parse(parseBuffer.data(), relative);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
