[Webkit-unassigned] [Bug 22134] New: -[WebHistoryItem dictionaryRepresentation] accesses past the end of a vector
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 7 17:00:25 PST 2008
https://bugs.webkit.org/show_bug.cgi?id=22134
Summary: -[WebHistoryItem dictionaryRepresentation] accesses past
the end of a vector
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: History
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: agolden at apple.com
The for loop to iterate over the children vector in -[WebHistoryItem
dictionaryRepresentation] starts out with i = children.size(), so if we ever
hit that loop we're going to attempt an access past the end of the children
vector. It should be i = children.size()-1.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list