[Webkit-unassigned] [Bug 28131] [Haiku] Adding font-specific files to WebCore.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 20 16:39:05 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=28131


Oliver Hunt <oliver at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #34894|review?                     |review-
               Flag|                            |




--- Comment #14 from Oliver Hunt <oliver at apple.com>  2009-08-20 16:39:03 PDT ---
(From update of attachment 34894)
> +static font_family* findMatchingFontFamily(const AtomicString& familyName)
> +{
> +    font_family family;
> +
> +    if (BFont().SetFamilyAndStyle(BString(familyName.string()).String(), 0) == B_OK)
> +        strcpy(family, BString(familyName.string()).String());
Not sure where familyName comes from, but i suspect it's from CSS, and that
means you have a buffer overflow vulnerability here.  Never use strcpy --
always strncpy.  That said, wth is a font_family?  From reading this it looks
like it's just a string?

> +    else {
> +        // If no font family is found for the given name, we use a generic font.
> +        if (BString(familyName.string()).FindFirst("Sans") != B_ERROR)
> +            strcpy(family, "DejaVu Sans");
> +        else if (BString(familyName.string()).FindFirst("Serif") != B_ERROR)
> +            strcpy(family, "DejaVu Serif");
> +        else if (BString(familyName.string()).FindFirst("Mono") != B_ERROR)
> +            strcpy(family, "DejaVu Mono");
> +        else // This is the fallback font.
> +            strcpy(family, "DejaVu Serif");
This code seems to repeatedly create the same bstring, which seems
unnecessarily expensive.  More over i'm fairly sure AtomicString has all the
logic you need to do this without ever creating a bstring anyway.

> +    }
> +
> +    font_family* fontFamily = &family;
> +    return fontFamily;
You can't return a pointer to a stack allocated variable, it's just not okay --
the code structure implies that the compiler even warned you.

> +}
> +
> +static font_style* findMatchingFontStyle(font_family family, bool bold, bool oblique)
> +{
> +    font_style style;
...
> +    font_style* fontStyle = &style;
> +    return fontStyle;
Once again, don't return pointers to locals -- you're far better off just using
out parameters

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list