[webkit-changes] [126089] trunk/Tools

Mon, 20 Aug 2012 16:39:14 -0700

Title: [126089] trunk/Tools
Revision
126089
Author
[email protected]
Date
2012-08-20 16:39:39 -0700 (Mon, 20 Aug 2012)

Log Message

Unsafe vsprintf usage in TestNetscapePlugin
https://bugs.webkit.org/show_bug.cgi?id=94522

Reviewed by Adam Barth.

* DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:
(pluginLogWithArguments): Using vsnprintf instead of vsprintf to ensure we don't overflow
    the message buffer.
(testDocumentOpen):
(testWindowOpen):

Modified Paths

Diff

Modified: trunk/Tools/ChangeLog (126088 => 126089)


--- trunk/Tools/ChangeLog	2012-08-20 23:33:47 UTC (rev 126088)
+++ trunk/Tools/ChangeLog	2012-08-20 23:39:39 UTC (rev 126089)
@@ -1,3 +1,16 @@
+2012-08-20  Nate Chapin  <[email protected]>
+
+        Unsafe vsprintf usage in TestNetscapePlugin
+        https://bugs.webkit.org/show_bug.cgi?id=94522
+
+        Reviewed by Adam Barth.
+
+        * DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:
+        (pluginLogWithArguments): Using vsnprintf instead of vsprintf to ensure we don't overflow
+            the message buffer.
+        (testDocumentOpen):
+        (testWindowOpen):
+
 2012-08-20  George Staikos  <[email protected]>
 
         [BlackBerry] Enable XHR Response BLOB

Modified: trunk/Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp (126088 => 126089)


--- trunk/Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp	2012-08-20 23:33:47 UTC (rev 126088)
+++ trunk/Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp	2012-08-20 23:39:39 UTC (rev 126089)
@@ -60,23 +60,13 @@
     browser->releaseobject(consoleObject);
 }
 
-// Helper function which takes in the plugin window object for logging to the console object. This function supports variable
-// arguments.
-static void pluginLogWithWindowObjectVariableArgs(NPObject* windowObject, NPP instance, const char* format, ...)
-{
-    va_list args;
-    va_start(args, format);
-    char message[2048] = "PLUGIN: ";
-    vsprintf(message + strlen(message), format, args);
-    va_end(args);
-
-    pluginLogWithWindowObject(windowObject, instance, message);
-}
-             
 void pluginLogWithArguments(NPP instance, const char* format, va_list args)
 {
-    char message[2048] = "PLUGIN: ";
-    vsprintf(message + strlen(message), format, args);
+    const size_t messageBufferSize = 2048;
+    char message[messageBufferSize] = "PLUGIN: ";
+    int messageLength = sizeof("PLUGIN: ") - 1;
+    messageLength += vsnprintf(message + messageLength, messageBufferSize - 1 - messageLength, format, args);
+    message[messageLength] = '\0';
 
     NPObject* windowObject = 0;
     NPError error = browser->getvalue(instance, NPNVWindowNPObject, &windowObject);
@@ -936,7 +926,7 @@
         return false;
     }
 
-    pluginLogWithWindowObjectVariableArgs(windowObject, npp, "DOCUMENT OPEN SUCCESS");
+    pluginLogWithWindowObject(windowObject, npp, "PLUGIN: DOCUMENT OPEN SUCCESS");
     notifyTestCompletion(npp, result.value.objectValue);
     browser->releaseobject(result.value.objectValue);
     browser->releaseobject(windowObject);
@@ -968,7 +958,7 @@
         return false;
     }
 
-    pluginLogWithWindowObjectVariableArgs(windowObject, npp, "WINDOW OPEN SUCCESS");
+    pluginLogWithWindowObject(windowObject, npp, "PLUGIN: WINDOW OPEN SUCCESS");
     notifyTestCompletion(npp, result.value.objectValue);
     browser->releaseobject(result.value.objectValue);
     browser->releaseobject(windowObject);

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to