[webkit-reviews] review granted: [Bug 91642] OOB read of stack buffer below DoubleToStringConverter::CreateExponentialRepresentation() in debug builds : [Attachment 153076] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 18 13:52:50 PDT 2012


Abhishek Arya <inferno at chromium.org> has granted Thomas Sepez
<tsepez at chromium.org>'s request for review:
Bug 91642: OOB read of stack buffer below
DoubleToStringConverter::CreateExponentialRepresentation() in debug builds
https://bugs.webkit.org/show_bug.cgi?id=91642

Attachment 153076: Patch
https://bugs.webkit.org/attachment.cgi?id=153076&action=review

------- Additional Comments from Abhishek Arya <inferno at chromium.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=153076&action=review


Was the testcase minimizable? I know it looked ugly on ClusterFuzz.

> Source/WTF/ChangeLog:9
> +	   (DoubleToStringConverter::CreateExponentialRepresentation):
> NUL-terminate string buffer before passing it to StringBuilder::AddSubstring()

typo s/NUL/NULL

> Source/WTF/wtf/dtoa/double-conversion.cc:107
> +	   buffer[first_char_pos] = '\0';

nit: it will be more readable to use kMaxExponentLength instead of
first_char_pos.
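The defect class under review, as an added illustration that is not WebKit's or double-conversion's code: a stack buffer is filled with digits from the right without a terminator, then handed to a StringBuilder whose length check walks the string with strlen. The stand-in builder below returns false where the real debug assertion would trip, and checks for a NUL inside the caller's buffer before calling strlen so the missing terminator is observable instead of an out-of-bounds read. The buffer size, the name kMaxExponentLength and the strlen-based check are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Assumed constant for the example; the real converter sizes its buffer itself.
const int kMaxExponentLength = 5;

// Simplified stand-in for StringBuilder::AddSubstring. Its length check uses
// strlen, which keeps reading until it finds a NUL: if the caller never wrote
// one inside the buffer, that read runs past the end of the stack array.
struct MiniStringBuilder {
    std::string out;

    // Returns false where a debug build would assert, so the failure is testable.
    // bufferCapacity is how many bytes the caller's buffer holds from s onwards.
    bool AddSubstring(const char* s, int n, size_t bufferCapacity) {
        // Refuse to call strlen unless a terminator exists within the buffer.
        if (memchr(s, '\0', bufferCapacity) == nullptr) return false;
        if (static_cast<size_t>(n) > strlen(s)) return false;
        out.append(s, n);
        return true;
    }
};

// Writes the decimal digits of |exponent| right-aligned into
// buffer[0 .. kMaxExponentLength) and returns the index of the first digit.
// |terminate| selects the fixed behaviour: write '\0' at the slot just past
// the digits (first_char_pos starts at kMaxExponentLength) before filling.
int FormatExponent(int exponent, char* buffer, bool terminate) {
    int first_char_pos = kMaxExponentLength;
    if (terminate) buffer[first_char_pos] = '\0';  // the fix from the patch
    if (exponent == 0) buffer[--first_char_pos] = '0';
    while (exponent > 0) {
        buffer[--first_char_pos] = static_cast<char>('0' + exponent % 10);
        exponent /= 10;
    }
    return first_char_pos;
}

// Formats |exponent| into a stack buffer whose stale contents contain no NUL
// (constructed with memset) and appends it through the builder. Returns whether
// the append was accepted; with terminate == false the builder rejects it.
bool TryAppendExponent(int exponent, bool terminate, std::string* result) {
    char buffer[kMaxExponentLength + 1];
    memset(buffer, 0xAA, sizeof buffer);  // simulate uninitialised stack bytes
    int first = FormatExponent(exponent, buffer, terminate);
    MiniStringBuilder builder;
    bool ok = builder.AddSubstring(&buffer[first], kMaxExponentLength - first,
                                   sizeof buffer - first);
    if (result) *result = builder.out;
    return ok;
}
```

The pre-fix path only fails when the bytes beyond the digits happen to be non-zero, which is why the bug surfaced as an intermittent debug-build assertion rather than a deterministic crash; terminating at first_char_pos before the digits are written makes the strlen bound independent of whatever the stack held.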

