[Webkit-unassigned] [Bug 19309] uninitialised variable in PluginView

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 29 10:01:23 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19309


alp at nuanti.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1




------- Comment #3 from alp at nuanti.com  2008-05-29 10:01 PDT -------
The Moonlight plugin team also noticed they were relying on structures being
zeroed when initialized, since this is Mozilla's behaviour (at least on
Linux/X11, I understand NPN_MemAlloc zeros as well as allocating while ours
doesn't zero). They fixed the assumptions in their code, but I wonder if we
should just go ahead and zero all newly-allocated data and structures passed to
plugins as a rule rather than patching up issues individually as we discover
them.

If plugins in the wild are assuming the allocated data is zeroed and
transmitting uninitialised buffers over the network this could lead to security
issues even in plugins that seem to work fine.


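An added C illustration of the failure mode described in the comment, not code from WebKit, Mozilla or the Moonlight plugin: a plugin sets only some fields of a host-allocated structure and then copies the whole thing into an outgoing buffer, so whatever the allocator left behind goes out with it. The record type, the allocator names and the 0xAA fill (a stand-in for stale heap contents, so the leak is deterministic) are all hypothetical; the two fixes modelled are the host-side zeroing alp proposes and the plugin-side clearing the Moonlight team did.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical plugin-visible structure; not an NPAPI or WebKit type. */
typedef struct {
    uint32_t version;
    uint8_t  flags;      /* compiler padding follows on most ABIs */
    uint32_t length;
    char     name[16];
} hypothetical_record;

/* Models a host allocator that does NOT zero, as the comment describes
 * WebKit's. The 0xAA fill stands in for stale heap contents. */
void *host_alloc_nonzeroing(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xAA, n);
    return p;
}

/* Host-side fix proposed in the comment: zero everything given to plugins. */
void *host_alloc_zeroing(size_t n) {
    return calloc(1, n);
}

/* Plugin-side fix the Moonlight team applied: never assume the host zeroed. */
void *plugin_alloc_and_clear(size_t n) {
    void *p = host_alloc_nonzeroing(n);
    if (p) memset(p, 0, n);
    return p;
}

/* Plugin code that initialises only version, flags and the start of name,
 * then sends the whole struct. Returns how many bytes of the outgoing
 * buffer still carry allocator contents, i.e. the size of the leak.
 * Returns (size_t)-1 if allocation fails. */
size_t stale_bytes_after_serialize(void *(*alloc)(size_t)) {
    hypothetical_record *r = alloc(sizeof *r);
    if (!r) return (size_t)-1;
    r->version = 1;
    r->flags   = 0x01;
    strcpy(r->name, "moon");        /* name[5..15] and length never set */
    uint8_t out[sizeof *r];
    memcpy(out, r, sizeof *r);      /* whole struct goes on the wire */
    free(r);
    size_t stale = 0;
    for (size_t i = 0; i < sizeof out; i++)
        if (out[i] == 0xAA) stale++;
    return stale;
}
```

With the non-zeroing host allocator, at least the unset `length` field and the tail of `name` (15 bytes, plus any padding) reach the buffer untouched; with either fix the count drops to zero.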