[Webkit-unassigned] [Bug 12081] New: Crash in Windows cookie code if cookies change between calls

bugzilla-daemon at webkit.org
Tue Jan 2 13:25:39 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=12081

           Summary: Crash in Windows cookie code if cookies change between
                    calls
           Product: WebKit
           Version: 420+ (nightly)
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: marv.decker at gmail.com


In CookieJarWin.cpp, we call InternetGetCookie to get the length of the buffer,
then call it again once a buffer of the correct size has been constructed.
However, the cookies can change between these values if another process (or
possibly some other cases, I'm not sure) changes the cookies for the page
between these calls.

In particular, if the cookies are deleted, we will make a string of length -1,
causing a crash. If more cookies are added, the returned cookies will be
truncated.


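The race described in the report, as an added example that is not WebKit's code and not part of the original message: a size query followed by a data call, with the result re-checked and retried so that growth is not truncated and deletion yields an empty string. `get_cookie`, `read_cookies` and `simulate` are hypothetical names, and `get_cookie` is a simplified stand-in for a two-call API, not the real InternetGetCookie.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a two-call "size, then data" API; NOT WinINet.
   The store switches to next_store just before the second call, modelling
   another process changing the cookies between the two calls. */
static const char *store, *next_store;
static int calls;
/* buf == NULL is the size query. Returns 0 with *size == 0 when there are no
   cookies, or 0 with *size = size needed now when buf is too small. */
static int get_cookie(char *buf, size_t *size) {
    if (++calls == 2 && next_store) store = next_store;
    size_t need = *store ? strlen(store) + 1 : 0;
    if (need == 0) { *size = 0; return 0; }
    if (buf && *size < need) { *size = need; return 0; }
    if (buf) memcpy(buf, store, need);
    *size = need; return 1;
}

/* Returns a malloc'd string ("" when there are no cookies), or NULL on
   allocation failure or if the store keeps changing. */
static char *read_cookies(void) {
    size_t size = 0; char *buf = NULL;
    for (int attempt = 0; attempt < 4; attempt++) {
        if (get_cookie(buf, &size)) {
            if (buf) return buf;               /* data call succeeded */
        } else if (size == 0) {                /* cookies were deleted */
            free(buf);
            return calloc(1, 1);
        }
        char *bigger = realloc(buf, size);     /* first size, or it grew */
        if (!bigger) { free(buf); return NULL; }
        buf = bigger;
    }
    free(buf);
    return NULL;
}

/* Hypothetical driver: cookies are `before`, then `after` (NULL = unchanged). */
char *simulate(const char *before, const char *after) {
    store = before; next_store = after; calls = 0;
    return read_cookies();
}
int main(void) {
    char *c = simulate("a=1", "a=1; b=22");    /* cookies grow between calls */
    puts(c ? c : "(failed)");
    free(c);
    return 0;
}
```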