[Webkit-unassigned] [Bug 23698] New: CSSStringValue::lower() is unsafe when CSSStringValues are created from StringImpls

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 2 14:10:57 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=23698

           Summary: CSSStringValue::lower() is unsafe when CSSStringValues
                    are created from StringImpls
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: eric at webkit.org
                CC: hyatt at apple.com, bdakin at apple.com


Ivan just pointed this out to me:

CSSStringValue::lower() is unsafe when CSSStringValues are created from
StringImpls

lower() mutates the underlying UChar* buffer, which is not intrinsically safe
to do.  Ivan was going to try replacing CSSStringValue with a StringImpl* and
see what breaks (there will obviously be performance considerations).


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
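
The hazard described in the report, as an added example that is not part of the original message and is not WebKit code: a simplified model that assumes the character buffer is reference-counted and shared between several holders. `SharedBuffer`, `StringValue`, `lowerInPlace`, `lowerCopy` and `otherHolderSeesMutation` are hypothetical names, and the font-name string is a constructed sample.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for a shared, ref-counted UTF-16 buffer (not WebKit's StringImpl).
using SharedBuffer = std::shared_ptr<std::u16string>;

// ASCII-only lowercasing, enough to show the aliasing problem.
static void asciiLower(std::u16string& s) {
    for (char16_t& c : s)
        if (c >= u'A' && c <= u'Z') c = static_cast<char16_t>(c + 0x20);
}

// Hypothetical stand-in for a value object that references a shared buffer.
struct StringValue {
    SharedBuffer buffer;

    // Unsafe pattern: mutates the buffer in place, so every holder sees the change.
    void lowerInPlace() { asciiLower(*buffer); }

    // Safer pattern: lowercase a private copy and leave the shared buffer untouched.
    void lowerCopy() {
        auto copy = std::make_shared<std::u16string>(*buffer);
        asciiLower(*copy);
        buffer = std::move(copy);
    }
};

// Returns true if a second holder of the same buffer observes its text changing.
bool otherHolderSeesMutation(bool inPlace) {
    const std::u16string original = u"Helvetica Neue"; // constructed sample
    SharedBuffer shared = std::make_shared<std::u16string>(original);
    SharedBuffer other = shared; // second holder of the same buffer
    StringValue value{shared};
    if (inPlace) value.lowerInPlace(); else value.lowerCopy();
    return *other != original;
}

int main() {
    std::cout << "in-place lower leaks to other holder: "
              << otherHolderSeesMutation(true) << "\n";
    std::cout << "copying lower leaks to other holder:  "
              << otherHolderSeesMutation(false) << "\n";
}
```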


