[Webkit-unassigned] [Bug 32861] New: when condition COMPILER(RVCT) is fulfilled, we are trying to free a pointer to array allocated on the stack
bugzilla-daemon at webkit.org
Tue Dec 22 01:39:39 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=32861
Summary: when condition COMPILER(RVCT) is fulfilled, we are trying to free a pointer to array allocated on the stack
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Other
Status: UNCONFIRMED
Severity: Normal
Priority: P1
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fridrich.strba at bluewin.ch
The following commit added a COMPILER(RVCT) condition to the function and uses
vsnprintf on a char[1024], and forgets to add the same condition for not freeing
the variable. This might lead to a crash at runtime.
2009-12-21 Kwang Yul Seo <skyul at company100.net>
Reviewed by Eric Seidel.
Use vsnprintf instead of vasprintf for RVCT.
https://bugs.webkit.org/show_bug.cgi?id=32851
RVCT does not support vasprintf, so use vsnprintf instead.
* dom/XMLTokenizerLibxml2.cpp:
(WebCore::XMLTokenizer::error):
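The ownership mismatch this report describes, as an added example that is not WebKit's code and not part of the original message. The names formatError and useStackBuffer are hypothetical; the runtime flag stands in for the COMPILER(RVCT) preprocessor condition so that both branches can be compiled and run, and vasprintf is assumed available as a GNU/BSD extension.

```cpp
#include <cstdarg>
#include <cstdio>
#include <cstdlib>
#include <string>

// Hypothetical helper. useStackBuffer plays the role of COMPILER(RVCT):
// true  -> vsnprintf into a char[1024] on the stack (nothing to free)
// false -> vasprintf, which mallocs the buffer (caller must free it)
static std::string formatError(bool useStackBuffer, const char* fmt, ...)
{
    va_list args;
    va_start(args, fmt);

    char stackBuf[1024];
    char* m = nullptr;
    bool mustFree = false;

    if (useStackBuffer) {
        // Truncates to the buffer size and always NUL-terminates.
        std::vsnprintf(stackBuf, sizeof(stackBuf), fmt, args);
        m = stackBuf;
    } else {
        if (vasprintf(&m, fmt, args) < 0)
            m = nullptr; // pointer contents are undefined on failure
        mustFree = (m != nullptr);
    }
    va_end(args);

    std::string result = m ? m : "";

    // The reported defect is an unconditional free(m) at this point: on the
    // stack-buffer branch m points at stackBuf, which was never malloc'd.
    // The release must sit under the same condition as the allocation.
    if (mustFree)
        std::free(m);
    return result;
}

int main()
{
    std::printf("%s\n", formatError(true, "line %d: %s", 7, "bad tag").c_str());
    std::printf("%s\n", formatError(false, "line %d: %s", 7, "bad tag").c_str());
    return 0;
}
```

In preprocessor form the same rule means the `free` call goes inside the `#else` (or `#if !COMPILER(RVCT)`) arm that contains the `vasprintf` call.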