[Webkit-unassigned] [Bug 45391] QtWebKit asserts when selecting elided text.
bugzilla-daemon at webkit.org
Thu Dec 9 17:08:48 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=45391
Ademar Reis <ademar.reis at openbossa.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |39121, 35784
--- Comment #24 from Ademar Reis <ademar.reis at openbossa.org> 2010-12-09 17:08:48 PST ---
(In reply to comment #23)
> (In reply to comment #22)
> > (In reply to comment #21)
> > > I believe a fix for a crash that happens by opening a web page is worth including in the release (or in a later minor update)... It can even be classified as a security vuln (at minimum it's a DoS).
> >
> > Yep, I was under the assumption it is only invalid selection and assertion in debug. If this can cause a crash in release, I agree this needs to go in 2.0 and 2.1.
>
> I didn't see any crashes when testing in release mode myself but using a QString returned by fromRawDataWithoutRef() could certainly read and write to memory out of bounds.
So it's a simple fix and has potential security implications. I'm adding it as a blocker for 2.1 and 2.0.