[Webkit-unassigned] [Bug 22623] New: Uninitialized memory access in cache parsing code

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 3 05:13:02 PST 2008


https://bugs.webkit.org/show_bug.cgi?id=22623

           Summary: Uninitialized memory access in cache parsing code
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: deanm at chromium.org
                CC: ddkilzer at webkit.org


http://trac.webkit.org/changeset/38145
https://bugs.webkit.org/show_bug.cgi?id=21596

This patch added two additional fields:

        mutable bool m_haveParsedCacheControlHeader:1;
        mutable bool m_haveParsedPragmaHeader:1;

These are not initialized anywhere.  They should likely both be set to false in
the constructor above.  This is causing undefined behavior; it can lead to the
code thinking we have already parsed the cache control header (and returning
the already parsed value), when we actually have not parsed anything.


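The failure mode the report describes, as an added illustration that is not WebKit's code: a cut-down response class with the same lazily-parsed, bitfield-cached Cache-Control flag, once with the two flags left uninitialized and once with them cleared in the constructor as the report suggests. The class and member names (BuggyResponse, FixedResponse, noCacheFromDirtyStorage) are assumptions for the example, not the real ResourceResponseBase API, and the 0xFF-filled storage is a constructed stand-in for stale heap contents.

```cpp
#include <cstring>
#include <iostream>
#include <new>
#include <string>

// Hypothetical stand-in for the WebKit class; names are assumptions for
// this example, not the real ResourceResponseBase API.
class BuggyResponse {
public:
    explicit BuggyResponse(const std::string& cacheControl)
        : m_cacheControl(cacheControl) {}   // the two flag bits are never written

    // Lazily parse the header once, then serve the cached answer.
    bool cacheControlContainsNoCache() const {
        if (!m_haveParsedCacheControlHeader)   // reads an indeterminate bit
            parseCacheControlHeader();
        return m_cacheControlContainsNoCache;
    }

private:
    void parseCacheControlHeader() const {
        m_cacheControlContainsNoCache =
            m_cacheControl.find("no-cache") != std::string::npos;
        m_haveParsedCacheControlHeader = true;
    }

    std::string m_cacheControl;
    mutable bool m_cacheControlContainsNoCache : 1;
    mutable bool m_haveParsedCacheControlHeader : 1;   // uninitialized: the bug
};

// Same class with the fix the report asks for: both flags cleared in the
// constructor, so the first call always parses.
class FixedResponse {
public:
    explicit FixedResponse(const std::string& cacheControl)
        : m_cacheControl(cacheControl)
        , m_cacheControlContainsNoCache(false)
        , m_haveParsedCacheControlHeader(false) {}

    bool cacheControlContainsNoCache() const {
        if (!m_haveParsedCacheControlHeader)
            parseCacheControlHeader();
        return m_cacheControlContainsNoCache;
    }

private:
    void parseCacheControlHeader() const {
        m_cacheControlContainsNoCache =
            m_cacheControl.find("no-cache") != std::string::npos;
        m_haveParsedCacheControlHeader = true;
    }

    std::string m_cacheControl;
    mutable bool m_cacheControlContainsNoCache : 1;
    mutable bool m_haveParsedCacheControlHeader : 1;
};

// Construct T in storage pre-filled with 0xFF, a constructed stand-in for
// the stale contents a freshly malloc'd block can hold. Placement new does
// not zero anything, so whatever the constructor leaves unwritten keeps
// the old bits.
template <typename T>
bool noCacheFromDirtyStorage(const std::string& header) {
    alignas(T) unsigned char storage[sizeof(T)];
    std::memset(storage, 0xFF, sizeof storage);
    T* response = new (storage) T(header);
    bool result = response->cacheControlContainsNoCache();
    response->~T();
    return result;
}

int main() {
    const std::string header = "max-age=3600";   // constructed; has no "no-cache"

    // The fixed class parses on the first call regardless of prior memory.
    std::cout << "fixed: " << noCacheFromDirtyStorage<FixedResponse>(header) << "\n";

    // The buggy class typically sees a stale 1 in m_haveParsedCacheControlHeader,
    // skips parsing, and returns the leftover m_cacheControlContainsNoCache bit.
    // Reading an uninitialized member is undefined behaviour, so this shows
    // what commonly happens, not a guaranteed result.
    std::cout << "buggy: " << noCacheFromDirtyStorage<BuggyResponse>(header) << "\n";
    return 0;
}
```

Because the read of the uninitialized flag is undefined behaviour, only the fixed class has a result worth asserting on; the buggy path is kept for the reader to observe under a sanitizer or with dirty storage.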