[Webkit-unassigned] [Bug 17814] Reading past end of string, for certain malformed <?xml ..?> tags
bugzilla-daemon at webkit.org
Thu Mar 13 12:00:22 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=17814
------- Comment #5 from minatoar at gmail.com 2008-03-13 12:00 PDT -------
The following test should repro the problem:
    $ cat broken.html
    <?xml version="1.0" encoding="iso-8859-2>
(Apologies, the example I posted earlier was for an outdated version of WebKit.)
I was running WebKit with the Purify tool on Windows, and it showed the problem to
be in findXMLEncoding():
    // Find the trailing quotation mark.
    int end = pos;
    while (str[end] != quoteMark)    <----- Access Violation
        ++end;
Since the input contains no terminal quote mark, it reads past the end of the string.
In trunk I see that this is fixed, as the line now reads:
    while (end < len && str[end] != quoteMark)
(At some point I was repro-ing this with missing question mark too, but this
seems to have gone away when I synched up my client recentish.)
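A bounds-checked form of the quote scan discussed in the comment above, as an added example that is not part of the original message and not WebKit's source. The names find_xml_encoding and find_bytes, their signatures, and the decision to reject an unterminated value with -1 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bounded search for needle in buf[from..len); returns offset or -1. */
static long find_bytes(const char *buf, size_t len, size_t from, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = from; i + n <= len; ++i)
        if (memcmp(buf + i, needle, n) == 0)
            return (long)i;
    return -1;
}

/* Hypothetical stand-in for the scan discussed above. Returns the offset of
   the encoding name and stores its length in *enc_len, or returns -1 when the
   declaration is missing or malformed. str need not be NUL-terminated. */
long find_xml_encoding(const char *str, size_t len, size_t *enc_len)
{
    long decl = find_bytes(str, len, 0, "<?xml");
    if (decl < 0) return -1;
    long pos = find_bytes(str, len, (size_t)decl, "encoding");
    if (pos < 0) return -1;
    size_t i = (size_t)pos + strlen("encoding");

    /* Expect optional blanks, '=', optional blanks, then a quote. */
    while (i < len && (str[i] == ' ' || str[i] == '\t')) ++i;
    if (i >= len || str[i] != '=') return -1;
    ++i;
    while (i < len && (str[i] == ' ' || str[i] == '\t')) ++i;
    if (i >= len || (str[i] != '"' && str[i] != '\'')) return -1;
    char quote_mark = str[i++];

    /* Find the trailing quotation mark, never indexing at or past len. */
    size_t end = i;
    while (end < len && str[end] != quote_mark) ++end;
    if (end >= len) return -1;  /* unterminated value: reject it */

    *enc_len = end - i;
    return (long)i;
}

int main(void)
{
    /* Constructed input modelled on broken.html: no closing quote. */
    const char broken[] = "<?xml version=\"1.0\" encoding=\"iso-8859-2>";
    size_t n = 0;
    printf("%ld\n", find_xml_encoding(broken, sizeof broken - 1, &n));
    return 0;
}
```

Running a harness like this under a memory checker (Purify, as in the report, or AddressSanitizer) with a buffer sized exactly to the input confirms that the scan stays inside the buffer.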