Title: [140751] trunk/Source/WebCore
Revision: 140751
Author: [email protected]
Date: 2013-01-24 16:56:19 -0800 (Thu, 24 Jan 2013)

Log Message

NPN_InitializeVariantWithStringCopy is wrong for platforms returning NULL from malloc(0)
https://bugs.webkit.org/show_bug.cgi?id=96272

Patch by Julien Brianceau <[email protected]> on 2013-01-24
Reviewed by Alexey Proskuryakov.

No new tests. This is platform dependent.

* bridge/npruntime.cpp:
(NPN_InitializeVariantWithStringCopy):
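The platform dependence the log message describes, as an added example that is not WebKit's code: a malloc wrapper that can be switched to return NULL for zero-byte requests, the pre-patch check beside the patched one, and an extra guard so that memcpy is never handed a NULL buffer of length 0. NPString, NPUTF8, demo_malloc, the copy functions and the outcome codes are stand-ins defined here, not the NPAPI headers or WebKit's bridge code.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the NPAPI string types (assumption: only the two fields this
 * demo touches; not taken from npruntime.h). */
typedef char NPUTF8;
typedef struct {
    const NPUTF8 *UTF8Characters;
    uint32_t UTF8Length;
} NPString;

/* Constructed platform switch: when set, a zero-byte request behaves like the
 * platforms the patch is about and returns NULL instead of a unique pointer. */
static int g_malloc0_returns_null = 0;

static void *demo_malloc(size_t n)
{
    if (n == 0)
        return g_malloc0_returns_null ? NULL : malloc(1);
    return malloc(n);
}

/* Outcome codes stand in for CRASH() so the behaviour can be observed. */
enum { COPY_OK = 0, COPY_WOULD_CRASH = 1 };

/* Pre-patch logic: any NULL from malloc is treated as allocation failure, so
 * copying an empty string crashes on a NULL-for-zero platform. */
static int copy_string_before(NPString *out, const NPString *in)
{
    out->UTF8Length = in->UTF8Length;
    out->UTF8Characters = (NPUTF8 *)demo_malloc(sizeof(NPUTF8) * in->UTF8Length);
    if (!out->UTF8Characters)
        return COPY_WOULD_CRASH;
    memcpy((void *)out->UTF8Characters, in->UTF8Characters, sizeof(NPUTF8) * in->UTF8Length);
    return COPY_OK;
}

/* Patched logic: NULL only counts as failure when bytes were requested. The
 * length check in front of memcpy is this example's addition: calling memcpy
 * with a NULL pointer argument is undefined behaviour in C even for length 0. */
static int copy_string_after(NPString *out, const NPString *in)
{
    out->UTF8Length = in->UTF8Length;
    out->UTF8Characters = (NPUTF8 *)demo_malloc(sizeof(NPUTF8) * in->UTF8Length);
    if (in->UTF8Length && !out->UTF8Characters)
        return COPY_WOULD_CRASH;
    if (in->UTF8Length)
        memcpy((void *)out->UTF8Characters, in->UTF8Characters, sizeof(NPUTF8) * in->UTF8Length);
    return COPY_OK;
}

static void release_string(NPString *s)
{
    free((void *)s->UTF8Characters); /* free(NULL) is a no-op, so a NULL empty buffer is safe */
    s->UTF8Characters = NULL;
    s->UTF8Length = 0;
}

typedef int (*copy_fn)(NPString *, const NPString *);

/* Copy the empty string with the chosen function on the chosen platform and
 * report the outcome code. */
static int copy_empty_on_platform(copy_fn fn, int malloc0_returns_null)
{
    static const NPUTF8 empty[] = "";
    NPString in = { empty, 0 };
    NPString out = { NULL, 0 };
    g_malloc0_returns_null = malloc0_returns_null;
    int rc = fn(&out, &in);
    if (rc == COPY_OK)
        release_string(&out);
    return rc;
}

/* Copy a non-empty string on the NULL-for-zero platform and check the copy is
 * byte-identical; returns 1 on success, 0 on a mismatch or a would-be crash. */
static int copy_roundtrips(copy_fn fn, const char *text)
{
    NPString in = { text, (uint32_t)strlen(text) };
    NPString out = { NULL, 0 };
    g_malloc0_returns_null = 1;
    if (fn(&out, &in) != COPY_OK)
        return 0;
    int same = out.UTF8Length == in.UTF8Length
            && memcmp(out.UTF8Characters, in.UTF8Characters, in.UTF8Length) == 0;
    release_string(&out);
    return same;
}
```

On the constructed NULL-for-zero platform, copy_string_before reports a would-be crash for the empty string while copy_string_after succeeds and leaves UTF8Characters NULL with UTF8Length 0; both copy non-empty strings correctly, which is why the bug only shows up with empty NPStrings.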

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/bridge/npruntime.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (140750 => 140751)


--- trunk/Source/WebCore/ChangeLog	2013-01-25 00:45:22 UTC (rev 140750)
+++ trunk/Source/WebCore/ChangeLog	2013-01-25 00:56:19 UTC (rev 140751)
@@ -1,3 +1,15 @@
+2013-01-24  Julien Brianceau  <[email protected]>
+
+        NPN_InitializeVariantWithStringCopy is wrong for platforms returning NULL from malloc(0)
+        https://bugs.webkit.org/show_bug.cgi?id=96272
+
+        Reviewed by Alexey Proskuryakov.
+
+        No new tests. This is platform dependent.
+
+        * bridge/npruntime.cpp:
+        (NPN_InitializeVariantWithStringCopy):
+
 2013-01-24  Christian Biesinger  <[email protected]>
 
         resize property doesn't work on iframes

Modified: trunk/Source/WebCore/bridge/npruntime.cpp (140750 => 140751)


--- trunk/Source/WebCore/bridge/npruntime.cpp	2013-01-25 00:45:22 UTC (rev 140750)
+++ trunk/Source/WebCore/bridge/npruntime.cpp	2013-01-25 00:56:19 UTC (rev 140751)
@@ -85,8 +85,10 @@
 {
     variant->type = NPVariantType_String;
     variant->value.stringValue.UTF8Length = value->UTF8Length;
-    variant->value.stringValue.UTF8Characters = (NPUTF8 *)malloc(sizeof(NPUTF8) * value->UTF8Length);
-    if (!variant->value.stringValue.UTF8Characters)
+    // Switching to fastMalloc would be better to avoid length check but this is not desirable
+    // as NPN_MemAlloc is using malloc and there might be plugins that mix NPN_MemAlloc and malloc too.
+    variant->value.stringValue.UTF8Characters = (NPUTF8*)malloc(sizeof(NPUTF8) * value->UTF8Length);
+    if (value->UTF8Length && !variant->value.stringValue.UTF8Characters)
         CRASH();
     memcpy((void*)variant->value.stringValue.UTF8Characters, value->UTF8Characters, sizeof(NPUTF8) * value->UTF8Length);
 }
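Review bot: the relaxed check on the `if (value->UTF8Length && !variant->value.stringValue.UTF8Characters)` line lets a NULL from malloc(0) through, but the unchanged memcpy on the following line is then called with a NULL destination; passing a null pointer to memcpy is undefined behaviour in C even when the length is 0, and compilers may use that call to assume the pointer is non-null afterwards. Suggest guarding the copy, e.g. `if (value->UTF8Length) memcpy(...)`, or returning early when UTF8Length is 0. It is also worth saying in the comment that, on such platforms, the resulting NPString now carries UTF8Characters == NULL with UTF8Length == 0, so any consumer that dereferences UTF8Characters without checking UTF8Length first will fault.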
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes